# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 15.05.2024 16:40:36.418 Process: id = "1" image_name = "7075.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\7075.exe" page_root = "0x5fd03000" os_pid = "0xd50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x678" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 119 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 120 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 121 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 122 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 123 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 124 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 125 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x860000 end_va = 0x86bfff monitored = 1 entry_point = 0x86747e region_type = mapped_file name = "7075.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7075.exe") Region: id = 128 start_va = 0x870000 end_va = 0x870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 129 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 130 start_va = 0x7ed70000 end_va = 0x7ed92fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ed70000" filename = "" Region: id = 131 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 132 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 133 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 134 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 273 start_va = 0x1c0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 274 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 275 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 276 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 277 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 278 start_va = 0x880000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 279 start_va = 0x6fa30000 end_va = 0x6fa88fff monitored = 1 entry_point = 0x6fa40780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 280 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 281 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 282 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 283 start_va = 0x7ec70000 end_va = 0x7ed6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec70000" filename = "" Region: id = 284 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 285 start_va = 0x870000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 286 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 287 start_va = 0xa10000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 288 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 289 start_va = 0x7e8c0000 end_va = 0x7ec60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 290 start_va = 0x870000 end_va = 0x873fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 291 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 292 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 293 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 294 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 295 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 296 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 297 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 298 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 299 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 300 start_va = 0x8a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 301 start_va = 0x6f9b0000 end_va = 0x6fa2cfff monitored = 1 entry_point = 0x6f9c0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 302 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 303 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 304 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 305 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 306 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 307 start_va = 0x8a0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x8a5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 309 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 310 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 311 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 312 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 313 start_va = 0xb10000 end_va = 0xc90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b10000" filename = "" Region: id = 314 start_va = 0xca0000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 315 start_va = 0x880000 end_va = 0x885fff monitored = 1 entry_point = 0x88747e region_type = mapped_file name = "7075.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7075.exe") Region: id = 316 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 317 start_va = 0x6f9a0000 end_va = 0x6f9a7fff monitored = 0 entry_point = 0x6f9a17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 318 start_va = 0x20a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 319 start_va = 0x6f3f0000 end_va = 0x6f99ffff monitored = 1 entry_point = 0x6f43a848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 320 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 321 start_va = 0x6f350000 end_va = 0x6f3eafff monitored = 0 entry_point = 0x6f35232b region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll") Region: id = 322 start_va = 0x21b0000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 323 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 324 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 325 start_va = 0x8b0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 326 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 327 start_va = 0x8d0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 328 start_va = 0x8e0000 end_va = 0x8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 329 start_va = 0x8f0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 330 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 331 start_va = 0x790000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 332 start_va = 0x20a0000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 333 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 334 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 335 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 336 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 337 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 338 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 339 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 340 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 341 start_va = 0x2380000 end_va = 0x26b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 342 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 343 start_va = 0x26c0000 end_va = 0x46bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 344 start_va = 0x21b0000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 345 start_va = 0x2370000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 346 start_va = 0x7d0000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 347 start_va = 0x2250000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 348 start_va = 0x6dc10000 end_va = 0x6e709fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll") Region: id = 349 start_va = 0x75950000 end_va = 0x75a3afff monitored = 0 entry_point = 0x7598d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 350 start_va = 0x46c0000 end_va = 0x4750fff monitored = 0 entry_point = 0x46f8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 351 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 352 start_va = 0x46c0000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 353 start_va = 0x920000 end_va = 0x922fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 354 start_va = 0x930000 end_va = 0x935fff monitored = 1 entry_point = 0x93747e region_type = mapped_file name = "7075.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7075.exe") Region: id = 355 start_va = 0x6f2f0000 end_va = 0x6f34afff monitored = 1 entry_point = 0x6f339010 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 356 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 357 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 358 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 359 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 360 start_va = 0x4770000 end_va = 0x4815fff monitored = 0 entry_point = 0x47fe14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 361 start_va = 0x4870000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004870000" filename = "" Region: id = 362 start_va = 0x46c0000 end_va = 0x4765fff monitored = 0 entry_point = 0x474e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 363 start_va = 0x9a0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 364 start_va = 0x4d50000 end_va = 0x521dfff monitored = 0 entry_point = 0x51cc76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 365 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 366 start_va = 0x4880000 end_va = 0x4d4dfff monitored = 0 entry_point = 0x4cfc76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 367 start_va = 0x6eb40000 end_va = 0x6f2e2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll") Region: id = 368 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 369 start_va = 0x970000 end_va = 0x974fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 370 start_va = 0x4820000 end_va = 0x4860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 371 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 372 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 373 start_va = 0x6fcb0000 end_va = 0x6fdfafff monitored = 0 entry_point = 0x6fd11660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 374 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 375 start_va = 0x980000 end_va = 0x980fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 376 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 377 start_va = 0x9e0000 end_va = 0x9e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 378 start_va = 0x9f0000 end_va = 0x9f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 379 start_va = 0x5220000 end_va = 0x5264fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 380 start_va = 0xa00000 end_va = 0xa03fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 381 start_va = 0x5270000 end_va = 0x52fdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 382 start_va = 0x2350000 end_va = 0x2360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 383 start_va = 0x5300000 end_va = 0x5303fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 384 start_va = 0x5310000 end_va = 0x5324fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 385 start_va = 0x5330000 end_va = 0x5330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005330000" filename = "" Region: id = 386 start_va = 0x810000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 387 start_va = 0x5340000 end_va = 0x543ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 388 start_va = 0x5440000 end_va = 0x547ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005440000" filename = "" Region: id = 389 start_va = 0x5480000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005480000" filename = "" Region: id = 390 start_va = 0x5580000 end_va = 0x55bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 391 start_va = 0x55c0000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 392 start_va = 0x56c0000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 393 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 394 start_va = 0x5800000 end_va = 0x583ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 395 start_va = 0x5840000 end_va = 0x593ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 396 start_va = 0x717d0000 end_va = 0x7194dfff monitored = 0 entry_point = 0x7184c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 397 start_va = 0x73b30000 end_va = 0x73dfafff monitored = 0 entry_point = 0x73d6c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 398 start_va = 0x5300000 end_va = 0x5300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005300000" filename = "" Region: id = 412 start_va = 0x7e8c0000 end_va = 0x7ec60fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 430 start_va = 0x5940000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005940000" filename = "" Region: id = 466 start_va = 0x5950000 end_va = 0x598ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 467 start_va = 0x5990000 end_va = 0x5a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005990000" filename = "" Thread: id = 1 os_tid = 0xd54 [0087.961] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0xa28bd0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfb8, lpName="Global\\Cor_Private_IPCBlock_3408") returned 0x128 [0087.965] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0xa28c00, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x134, lpName="Global\\Cor_Public_IPCBlock_3408") returned 0x130 [0090.518] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0090.824] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0090.824] GetLastError () returned 0x2 [0090.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0090.830] GetLastError () returned 0x2 [0090.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0090.887] GetLastError () returned 0x2 [0090.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0090.892] GetLastError () returned 0x2 [0090.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x18e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0090.892] GetLastError () returned 0x2 [0090.903] GetVersionExW (in: lpVersionInformation=0xa52438*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xa52438*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0090.904] GetLastError () returned 0x2 [0090.905] GetVersionExW (in: lpVersionInformation=0xa52438*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xa52438*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0090.905] GetLastError () returned 0x2 [0090.906] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x18e7c8, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0090.912] CreateFileMappingW (hFile=0x260, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x25c [0091.116] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0091.512] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0092.853] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0092.879] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0092.891] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0092.891] GetLastError () returned 0x0 [0092.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e148, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0092.892] GetLastError () returned 0x0 [0093.191] lstrlenW (lpString="䅁") returned 1 [0093.194] GetVersionExW (in: lpVersionInformation=0xa52a00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xa52a00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0093.194] GetLastError () returned 0x0 [0093.633] RegQueryValueExW (in: hKey=0x80000001, lpValueName="di", lpReserved=0x0, lpType=0x18ed38, lpData=0x0, lpcbData=0x18ed34*=0x0 | out: lpType=0x18ed38*=0x0, lpData=0x0, lpcbData=0x18ed34*=0x0) returned 0x2 [0093.639] RegSetValueExW (in: hKey=0x80000001, lpValueName="di", Reserved=0x0, dwType=0x1, lpData="!", cbData=0x4 | out: lpData="!") returned 0x0 [0098.657] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="7657c14284185fbd3fb108b43c7467ba") returned 0x28c [0098.659] GetLastError () returned 0x0 [0099.783] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xa529e8, nSize=0x80 | out: lpBuffer="") returned 0x24 [0099.783] GetLastError () returned 0x0 [0099.787] GetLongPathNameW (in: lpszShortPath="c:\\users\\rdhj0c~1\\", lpszLongPath=0x18e884, cchBuffer=0x104 | out: lpszLongPath="c:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0099.789] GetLastError () returned 0x0 [0099.790] GetFullPathNameW (in: lpFileName="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e8ac, lpFilePart=0x0 | out: lpBuffer="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", lpFilePart=0x0) returned 0x33 [0099.790] GetLastError () returned 0x0 [0099.838] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xa529e8, nSize=0x80 | out: lpBuffer="") returned 0x24 [0099.838] GetLastError () returned 0x0 [0099.838] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18e878, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0099.839] GetLastError () returned 0x0 [0099.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0099.839] GetLastError () returned 0x0 [0099.839] SetErrorMode (uMode=0x1) returned 0x0 [0099.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe"), fInfoLevelId=0x0, lpFileInformation=0x18ed20 | out: lpFileInformation=0x18ed20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.841] GetLastError () returned 0x2 [0099.841] SetErrorMode (uMode=0x0) returned 0x1 [0099.841] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xa529e8, nSize=0x80 | out: lpBuffer="") returned 0x24 [0099.841] GetLastError () returned 0x2 [0099.844] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18e768, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0099.844] GetLastError () returned 0x2 [0099.845] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e790, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0099.845] GetLastError () returned 0x2 [0099.845] SetErrorMode (uMode=0x1) returned 0x0 [0099.848] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x290 [0099.852] GetLastError () returned 0x0 [0099.853] GetFileType (hFile=0x290) returned 0x1 [0099.854] SetErrorMode (uMode=0x0) returned 0x1 [0099.854] GetFileType (hFile=0x290) returned 0x1 [0099.854] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0099.854] GetLastError () returned 0x0 [0099.855] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", nBufferLength=0x105, lpBuffer=0x18e780, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe", lpFilePart=0x0) returned 0x26 [0099.855] GetLastError () returned 0x0 [0099.855] SetErrorMode (uMode=0x1) returned 0x0 [0099.856] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7075.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7075.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x294 [0099.856] GetLastError () returned 0x0 [0099.856] GetFileType (hFile=0x294) returned 0x1 [0099.856] SetErrorMode (uMode=0x0) returned 0x1 [0099.856] GetFileType (hFile=0x294) returned 0x1 [0099.857] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x18ed34 | out: lpFileSizeHigh=0x18ed34*=0x0) returned 0x5e00 [0099.858] GetLastError () returned 0x0 [0099.859] ReadFile (in: hFile=0x294, lpBuffer=0x26c79a4, nNumberOfBytesToRead=0x5e00, lpNumberOfBytesRead=0x18ecdc, lpOverlapped=0x0 | out: lpBuffer=0x26c79a4*, lpNumberOfBytesRead=0x18ecdc*=0x5e00, lpOverlapped=0x0) returned 1 [0099.861] GetLastError () returned 0x0 [0099.863] CloseHandle (hObject=0x294) returned 1 [0099.863] GetLastError () returned 0x0 [0099.863] WriteFile (in: hFile=0x290, lpBuffer=0x26c79a4*, nNumberOfBytesToWrite=0x5e00, lpNumberOfBytesWritten=0x18ed14, lpOverlapped=0x0 | out: lpBuffer=0x26c79a4*, lpNumberOfBytesWritten=0x18ed14*=0x5e00, lpOverlapped=0x0) returned 1 [0099.865] GetLastError () returned 0x0 [0099.865] CloseHandle (hObject=0x290) returned 1 [0099.868] GetLastError () returned 0x0 [0099.868] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0xa529e8, nSize=0x80 | out: lpBuffer="") returned 0x24 [0099.868] GetLastError () returned 0x0 [0099.868] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18e884, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0099.869] GetLastError () returned 0x0 [0099.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0099.869] GetLastError () returned 0x0 [0099.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e840, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0099.869] GetLastError () returned 0x0 [0099.886] lstrlenW (lpString="䅁") returned 1 [0099.887] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0xa65b70 [0099.889] RtlMoveMemory (in: Destination=0xa65b70, Source=0x26cda88, Length=0x68 | out: Destination=0xa65b70) [0099.910] ShellExecuteExW (in: pExecInfo=0x26cde74*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x26cde74*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x448)) returned 1 [0100.380] GetLastError () returned 0x0 [0100.382] LocalFree (hMem=0xa65b70) returned 0x0 [0100.382] GetLastError () returned 0x0 [0100.918] CoGetContextToken (in: pToken=0x18ebc8 | out: pToken=0x18ebc8) returned 0x0 [0100.918] CObjectContext::QueryInterface () returned 0x0 [0100.918] CObjectContext::GetCurrentThreadType () returned 0x0 [0100.918] Release () returned 0x0 [0100.919] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xa28f88*=0x13c, lpdwindex=0x18ea34 | out: lpdwindex=0x18ea34) returned 0x0 Thread: id = 2 os_tid = 0xd4c Thread: id = 3 os_tid = 0xd48 Thread: id = 4 os_tid = 0xd44 [0090.683] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0100.989] CloseHandle (hObject=0x448) returned 1 [0100.989] GetLastError () returned 0x0 [0100.994] CloseHandle (hObject=0x28c) returned 1 [0100.994] GetLastError () returned 0x0 [0100.995] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0x518 Thread: id = 6 os_tid = 0x3a4 Thread: id = 7 os_tid = 0x11a4 Thread: id = 8 os_tid = 0x11bc Thread: id = 9 os_tid = 0x11e4 Thread: id = 12 os_tid = 0x11c0 Process: id = "2" image_name = "server.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe" page_root = "0x7c074000" os_pid = "0x11b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xd50" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 399 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 400 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 401 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 402 start_va = 0x140000 end_va = 0x14bfff monitored = 1 entry_point = 0x14747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 403 start_va = 0x150000 end_va = 0x151fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 404 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 405 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 406 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 407 start_va = 0x7eee0000 end_va = 0x7ef02fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eee0000" filename = "" Region: id = 408 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 409 start_va = 0x7fff0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 410 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 411 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 413 start_va = 0x90000 end_va = 0x93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 414 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 415 start_va = 0xb0000 end_va = 0xb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 416 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 417 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 418 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 419 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 420 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 421 start_va = 0x500000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 422 start_va = 0x6fa30000 end_va = 0x6fa88fff monitored = 1 entry_point = 0x6fa40780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 423 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 424 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 425 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 426 start_va = 0x7ede0000 end_va = 0x7eedffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ede0000" filename = "" Region: id = 427 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 428 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 429 start_va = 0x6e0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 431 start_va = 0x73ea0000 end_va = 0x73f31fff monitored = 0 entry_point = 0x73ee0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 432 start_va = 0x7ea30000 end_va = 0x7edd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 433 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 434 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 435 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 436 start_va = 0xd0000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 437 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 438 start_va = 0x8b0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 439 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 440 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 441 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 442 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 443 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 444 start_va = 0x8c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 445 start_va = 0x6f9b0000 end_va = 0x6fa2cfff monitored = 1 entry_point = 0x6f9c0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 446 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 447 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 448 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 449 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 450 start_va = 0x160000 end_va = 0x189fff monitored = 0 entry_point = 0x165680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 451 start_va = 0x9d0000 end_va = 0xb57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 452 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 453 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 454 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 455 start_va = 0xb60000 end_va = 0xce0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 456 start_va = 0xcf0000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 457 start_va = 0x160000 end_va = 0x165fff monitored = 1 entry_point = 0x16747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 458 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 459 start_va = 0x6f9a0000 end_va = 0x6f9a7fff monitored = 0 entry_point = 0x6f9a17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 460 start_va = 0x20f0000 end_va = 0x269ffff monitored = 1 entry_point = 0x213a848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 461 start_va = 0x160000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 462 start_va = 0x6f3f0000 end_va = 0x6f99ffff monitored = 1 entry_point = 0x6f43a848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 463 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 464 start_va = 0x6f350000 end_va = 0x6f3eafff monitored = 0 entry_point = 0x6f35232b region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll") Region: id = 465 start_va = 0x7e0000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 468 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 469 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 470 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 471 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 472 start_va = 0x190000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 473 start_va = 0x1a0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 474 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 475 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 476 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 477 start_va = 0x7e0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 478 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 479 start_va = 0x8c0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 480 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 481 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 482 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 483 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 484 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 485 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 486 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 487 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 488 start_va = 0x20f0000 end_va = 0x2426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 489 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 490 start_va = 0x2430000 end_va = 0x442ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 491 start_va = 0x4430000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004430000" filename = "" Region: id = 492 start_va = 0x850000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 493 start_va = 0x44d0000 end_va = 0x45cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044d0000" filename = "" Region: id = 494 start_va = 0x6dc10000 end_va = 0x6e709fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll") Region: id = 495 start_va = 0x75950000 end_va = 0x75a3afff monitored = 0 entry_point = 0x7598d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 496 start_va = 0x45d0000 end_va = 0x4660fff monitored = 0 entry_point = 0x4608cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 497 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 498 start_va = 0x45d0000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 499 start_va = 0x5c0000 end_va = 0x5c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 500 start_va = 0x5d0000 end_va = 0x5d5fff monitored = 1 entry_point = 0x5d747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 501 start_va = 0x6f2f0000 end_va = 0x6f34afff monitored = 1 entry_point = 0x6f339010 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 502 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 503 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 504 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 505 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 506 start_va = 0x4680000 end_va = 0x4725fff monitored = 0 entry_point = 0x470e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 507 start_va = 0x4730000 end_va = 0x473ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004730000" filename = "" Region: id = 508 start_va = 0x45d0000 end_va = 0x4675fff monitored = 0 entry_point = 0x465e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 509 start_va = 0x4740000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004740000" filename = "" Region: id = 510 start_va = 0x4c10000 end_va = 0x50ddfff monitored = 0 entry_point = 0x508c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 511 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 512 start_va = 0x50e0000 end_va = 0x55adfff monitored = 0 entry_point = 0x555c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 513 start_va = 0x6eb40000 end_va = 0x6f2e2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll") Region: id = 514 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 515 start_va = 0x8a0000 end_va = 0x8a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 516 start_va = 0x4780000 end_va = 0x47c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 517 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 518 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 519 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 748 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 750 start_va = 0x47e0000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 751 start_va = 0x4820000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 752 start_va = 0x4860000 end_va = 0x486ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 753 start_va = 0x4860000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 754 start_va = 0x48a0000 end_va = 0x48dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 755 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 757 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 758 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 759 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 760 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 761 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 762 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 764 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 765 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 767 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 768 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 769 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 770 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 771 start_va = 0x4900000 end_va = 0x490ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 772 start_va = 0x4910000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 773 start_va = 0x49c0000 end_va = 0x4a5bfff monitored = 0 entry_point = 0x4a4921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 774 start_va = 0x4920000 end_va = 0x49bbfff monitored = 0 entry_point = 0x49a921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 775 start_va = 0x48e0000 end_va = 0x48effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048e0000" filename = "" Region: id = 776 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 777 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 778 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 779 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 780 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 781 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 782 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 783 start_va = 0x4ad0000 end_va = 0x4b3bfff monitored = 0 entry_point = 0x4b2cd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 786 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 787 start_va = 0x4a60000 end_va = 0x4acbfff monitored = 0 entry_point = 0x4abcd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 788 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 789 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 790 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 791 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 792 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 793 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 794 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 795 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 796 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 797 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 798 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 799 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 800 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 801 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 802 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 803 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 804 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 805 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 806 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 807 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 808 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 809 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 810 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 811 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 812 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 813 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 814 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 815 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 816 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 817 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 818 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 819 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 820 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 821 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 822 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 823 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 824 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 825 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 826 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 827 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 828 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 829 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 830 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 831 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 832 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 833 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 834 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 835 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 836 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 837 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 838 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 839 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 840 start_va = 0x4b50000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 841 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 842 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 843 start_va = 0x4b50000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 844 start_va = 0x4b50000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 845 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 846 start_va = 0x4b50000 end_va = 0x4b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 847 start_va = 0x4b60000 end_va = 0x4b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 848 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 849 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 850 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 851 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 852 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 853 start_va = 0x4b80000 end_va = 0x4b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 854 start_va = 0x4b90000 end_va = 0x4b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 855 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 856 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 857 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 858 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 859 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 860 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 861 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 862 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 863 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 864 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 865 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 866 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 867 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 868 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 869 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 870 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 871 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 872 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 873 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 874 start_va = 0x4b70000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 875 start_va = 0x4b90000 end_va = 0x4b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 876 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 877 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 878 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 879 start_va = 0x4b60000 end_va = 0x4b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 880 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 881 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 882 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 883 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 884 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 885 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 886 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 887 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 888 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 889 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 890 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 891 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 892 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 893 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 894 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 895 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 896 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 897 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 898 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 899 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 900 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 901 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 902 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 903 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 904 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 905 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 906 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 907 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 908 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 909 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 910 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 911 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 912 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 913 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 914 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 915 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 916 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 917 start_va = 0x57b0000 end_va = 0x59a9fff monitored = 0 entry_point = 0x59882be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 918 start_va = 0x4b60000 end_va = 0x4b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 919 start_va = 0x4b70000 end_va = 0x4b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b70000" filename = "" Region: id = 920 start_va = 0x55b0000 end_va = 0x57a9fff monitored = 0 entry_point = 0x57882be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 921 start_va = 0x4b90000 end_va = 0x4b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 922 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 923 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 924 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 925 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 926 start_va = 0x73e00000 end_va = 0x73e1cfff monitored = 0 entry_point = 0x73e03b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 927 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 928 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 929 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 930 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 931 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 932 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 933 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 934 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 935 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 936 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 937 start_va = 0x4b90000 end_va = 0x4b97fff monitored = 0 entry_point = 0x4b93fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 938 start_va = 0x4b60000 end_va = 0x4b67fff monitored = 0 entry_point = 0x4b63fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 939 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 940 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 941 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 942 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 943 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 944 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 945 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 946 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 947 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 948 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 949 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 950 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 951 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 952 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 953 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 954 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 955 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 956 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 957 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 958 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 959 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 960 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 961 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 962 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 963 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 964 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 965 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 966 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 967 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 968 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 969 start_va = 0x4ba0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 970 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 971 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 972 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 973 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 974 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 975 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 976 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 977 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 978 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 979 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 980 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 981 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 982 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 983 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 984 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 985 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 986 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 987 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 988 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 989 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 990 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 991 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 992 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 993 start_va = 0x4c00000 end_va = 0x4c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 994 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 995 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 996 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 997 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 998 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 999 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1000 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1001 start_va = 0x4bd0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 1002 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1003 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1004 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1005 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1006 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1007 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1008 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1009 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1010 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1011 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1012 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1013 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1014 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1015 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1016 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1017 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1018 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1019 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1020 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1021 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1022 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1023 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1024 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1025 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1026 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1027 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1028 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1029 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1030 start_va = 0x4be0000 end_va = 0x4beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1031 start_va = 0x4bf0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 1032 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1033 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1034 start_va = 0x48f0000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 1035 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1036 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1037 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1041 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1042 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1043 start_va = 0x4b40000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1044 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1045 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1046 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1047 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1048 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1049 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1050 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1051 start_va = 0x4bb0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 1052 start_va = 0x74db0000 end_va = 0x74e0efff monitored = 0 entry_point = 0x74db4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1053 start_va = 0x71450000 end_va = 0x7149efff monitored = 0 entry_point = 0x7145d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1054 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 1055 start_va = 0x4be0000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004be0000" filename = "" Region: id = 1056 start_va = 0x4bc0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Thread: id = 10 os_tid = 0x11c8 [0100.944] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x5f8f80, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfb8, lpName="Global\\Cor_Private_IPCBlock_4536") returned 0x128 [0100.955] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x5f8f50, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x134, lpName="Global\\Cor_Public_IPCBlock_4536") returned 0x130 [0101.387] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0101.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fe920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0101.510] GetLastError () returned 0x2 [0101.517] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fe8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0101.517] GetLastError () returned 0x2 [0101.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x4fe884, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0101.520] GetLastError () returned 0x2 [0101.526] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x4fe920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0101.526] GetLastError () returned 0x2 [0101.526] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x4fe8bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0101.527] GetLastError () returned 0x2 [0101.533] GetVersionExW (in: lpVersionInformation=0x620d28*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x620d28*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0101.533] GetLastError () returned 0x2 [0101.535] GetVersionExW (in: lpVersionInformation=0x620d28*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x620d28*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0101.535] GetLastError () returned 0x2 [0101.535] CreateFileMappingW (hFile=0x25c, lpFileMappingAttributes=0x4fe9b8, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x260 [0101.538] CreateFileMappingW (hFile=0x260, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x25c [0101.601] CreateFileMappingW (hFile=0x26c, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x270 [0101.740] CreateFileMappingW (hFile=0x274, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x278 [0102.021] CreateFileMappingW (hFile=0x27c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x280 [0102.031] CreateFileMappingW (hFile=0x284, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x288 [0102.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fe2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0102.036] GetLastError () returned 0x0 [0102.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fe338, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0102.036] GetLastError () returned 0x0 [0102.217] lstrlenW (lpString="䅁") returned 1 [0102.220] GetVersionExW (in: lpVersionInformation=0x621440*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x621440*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0102.220] GetLastError () returned 0x0 [0102.424] RegQueryValueExW (in: hKey=0x80000001, lpValueName="di", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x4) returned 0x0 [0102.426] RegSetValueExW (in: hKey=0x80000001, lpValueName="di", Reserved=0x0, dwType=0x1, lpData="!", cbData=0x4 | out: lpData="!") returned 0x0 [0107.446] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="7657c14284185fbd3fb108b43c7467ba") returned 0x28c [0107.446] GetLastError () returned 0x0 [0108.603] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x621428, nSize=0x80 | out: lpBuffer="") returned 0x24 [0108.603] GetLastError () returned 0x0 [0108.605] GetLongPathNameW (in: lpszShortPath="c:\\users\\rdhj0c~1\\", lpszLongPath=0x4fea74, cchBuffer=0x104 | out: lpszLongPath="c:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0108.606] GetLastError () returned 0x0 [0108.606] GetFullPathNameW (in: lpFileName="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea9c, lpFilePart=0x0 | out: lpBuffer="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", lpFilePart=0x0) returned 0x33 [0108.606] GetLastError () returned 0x0 [0108.650] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x4fea78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0108.650] GetLastError () returned 0x0 [0108.651] GetFullPathNameW (in: lpFileName="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp", nBufferLength=0x105, lpBuffer=0x4fea78, lpFilePart=0x0 | out: lpBuffer="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp", lpFilePart=0x0) returned 0x28 [0108.651] GetLastError () returned 0x0 [0108.661] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4feeb8 | out: phkResult=0x4feeb8*=0x290) returned 0x0 [0108.663] RegQueryValueExW (in: hKey=0x290, lpValueName="SEE_MASK_NOZONECHECKS", lpReserved=0x0, lpType=0x4feeb8, lpData=0x0, lpcbData=0x4feeb4*=0x0 | out: lpType=0x4feeb8*=0x0, lpData=0x0, lpcbData=0x4feeb4*=0x0) returned 0x2 [0108.663] RegSetValueExW (in: hKey=0x290, lpValueName="SEE_MASK_NOZONECHECKS", Reserved=0x0, dwType=0x1, lpData="1", cbData=0x4 | out: lpData="1") returned 0x0 [0108.664] RegCloseKey (hKey=0x290) returned 0x0 [0108.669] SendMessageTimeoutA (in: hWnd=0xffff, Msg=0x1a, wParam=0x0, lParam=0x4fedd8, fuFlags=0x0, uTimeout=0x3e8, lpdwResult=0x0 | out: lpdwResult=0x0) returned 0x1 [0118.753] GetLastError () returned 0x5b4 [0118.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0118.754] GetLastError () returned 0x5b4 [0118.822] GetStartupInfoW (in: lpStartupInfo=0x2439cb4 | out: lpStartupInfo=0x2439cb4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0118.831] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2439cb4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x2439d00 | out: lpCommandLine="netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE", lpProcessInformation=0x2439d00*(hProcess=0x294, hThread=0x290, dwProcessId=0x125c, dwThreadId=0x1258)) returned 1 [0118.868] WaitForSingleObject (hHandle=0x294, dwMilliseconds=0x1388) returned 0x102 [0123.867] GetLastError () returned 0x5b4 [0123.895] CloseHandle (hObject=0x294) returned 1 [0123.895] GetLastError () returned 0x5b4 [0123.904] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4feef8 | out: phkResult=0x4feef8*=0x294) returned 0x0 [0123.905] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0123.905] GetLastError () returned 0x5b4 [0123.905] RegQueryValueExW (in: hKey=0x294, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4feef8, lpData=0x0, lpcbData=0x4feef4*=0x0 | out: lpType=0x4feef8*=0x0, lpData=0x0, lpcbData=0x4feef4*=0x0) returned 0x2 [0123.905] RegSetValueExW (in: hKey=0x294, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0123.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4feef8 | out: phkResult=0x4feef8*=0x29c) returned 0x0 [0123.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0123.990] GetLastError () returned 0x5b4 [0123.990] RegQueryValueExW (in: hKey=0x29c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4feef8, lpData=0x0, lpcbData=0x4feef4*=0x0 | out: lpType=0x4feef8*=0x0, lpData=0x0, lpcbData=0x4feef4*=0x0) returned 0x2 [0123.990] RegSetValueExW (in: hKey=0x29c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0125.674] GetCurrentProcess () returned 0xffffffff [0125.676] GetCurrentThread () returned 0xfffffffe [0125.676] GetCurrentProcess () returned 0xffffffff [0125.737] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x4fef78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x4fef78*=0x2d0) returned 1 [0125.737] GetLastError () returned 0x0 [0125.805] GetCurrentThreadId () returned 0x11c8 [0125.880] CreateFileMappingW (hFile=0x2d4, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2d8 [0126.880] GetSystemMetrics (nIndex=75) returned 1 [0128.386] lstrlenW (lpString="䅁") returned 1 [0128.758] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74c10000 [0128.761] GetProcAddress (hModule=0x74c10000, lpProcName="DefWindowProcW") returned 0x772aaee0 [0128.763] GetStockObject (i=5) returned 0x1900015 [0128.763] GetLastError () returned 0x0 [0128.846] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0128.900] CoTaskMemAlloc (cb=0x4c) returned 0x636e80 [0128.900] RegisterClassW (lpWndClass=0x621440) returned 0xc1e0 [0128.901] GetLastError () returned 0x0 [0128.901] CoTaskMemFree (pv=0x636e80) [0128.901] GetModuleHandleW (lpModuleName=0x0) returned 0x140000 [0128.986] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.33c0d9d", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x140000, lpParam=0x0) returned 0x9007c [0129.038] SetWindowLongW (hWnd=0x9007c, nIndex=-4, dwNewLong=1999285984) returned 1837002 [0129.191] GetWindowLongW (hWnd=0x9007c, nIndex=-4) returned 1999285984 [0129.218] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe514 | out: phkResult=0x4fe514*=0x2e4) returned 0x0 [0129.218] RegQueryValueExW (in: hKey=0x2e4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x4fe55c, lpData=0x0, lpcbData=0x4fe558*=0x0 | out: lpType=0x4fe55c*=0x0, lpData=0x0, lpcbData=0x4fe558*=0x0) returned 0x2 [0129.218] RegQueryValueExW (in: hKey=0x2e4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x4fe55c, lpData=0x0, lpcbData=0x4fe558*=0x0 | out: lpType=0x4fe55c*=0x0, lpData=0x0, lpcbData=0x4fe558*=0x0) returned 0x2 [0129.219] RegCloseKey (hKey=0x2e4) returned 0x0 [0129.368] SetWindowLongW (hWnd=0x9007c, nIndex=-4, dwNewLong=1837322) returned 1999285984 [0129.368] GetWindowLongW (hWnd=0x9007c, nIndex=-4) returned 1837322 [0129.368] GetWindowLongW (hWnd=0x9007c, nIndex=-16) returned 113311744 [0129.681] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1d9 [0129.703] CallWindowProcW (lpPrevWndFunc=0x772aaee0, hWnd=0x9007c, Msg=0x24, wParam=0x0, lParam=0x4fe82c) returned 0x0 [0129.754] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc160 [0129.755] CallWindowProcW (lpPrevWndFunc=0x772aaee0, hWnd=0x9007c, Msg=0x81, wParam=0x0, lParam=0x4fe820) returned 0x1 [0129.755] CallWindowProcW (lpPrevWndFunc=0x772aaee0, hWnd=0x9007c, Msg=0x83, wParam=0x0, lParam=0x4fe80c) returned 0x0 [0129.771] CallWindowProcW (lpPrevWndFunc=0x772aaee0, hWnd=0x9007c, Msg=0x1, wParam=0x0, lParam=0x4fe820) returned 0x0 [0129.870] GetClientRect (in: hWnd=0x9007c, lpRect=0x4fe568 | out: lpRect=0x4fe568) returned 1 [0129.872] GetWindowRect (in: hWnd=0x9007c, lpRect=0x4fe568 | out: lpRect=0x4fe568) returned 1 [0130.041] CreateFileMappingW (hFile=0x2f4, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2f8 [0130.341] GetLastError () returned 0x6 [0130.352] GetParent (hWnd=0x9007c) returned 0x0 [0130.754] OleInitialize (pvReserved=0x0) returned 0x0 [0130.755] GetLastError () returned 0x6 [0130.764] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0131.018] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0131.127] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0131.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0131.127] GetLastError () returned 0x6 [0131.333] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x300) returned 0x0 [0131.333] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0131.333] GetLastError () returned 0x6 [0131.334] RegQueryValueExW (in: hKey=0x300, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0131.334] RegSetValueExW (in: hKey=0x300, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0131.334] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0131.334] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0131.334] GetLastError () returned 0x6 [0131.334] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x308) returned 0x0 [0131.334] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0131.334] GetLastError () returned 0x6 [0131.334] RegQueryValueExW (in: hKey=0x308, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0131.334] RegSetValueExW (in: hKey=0x308, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0132.380] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0132.381] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0132.382] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0132.382] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0132.382] GetLastError () returned 0x6 [0132.382] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x30c) returned 0x0 [0132.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0132.383] GetLastError () returned 0x6 [0132.383] RegQueryValueExW (in: hKey=0x30c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0132.383] RegSetValueExW (in: hKey=0x30c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0132.383] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0132.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0132.383] GetLastError () returned 0x6 [0132.383] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x310) returned 0x0 [0132.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0132.383] GetLastError () returned 0x6 [0132.383] RegQueryValueExW (in: hKey=0x310, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0132.384] RegSetValueExW (in: hKey=0x310, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0133.393] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0133.393] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0133.393] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0133.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0133.394] GetLastError () returned 0x6 [0133.394] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x314) returned 0x0 [0133.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0133.394] GetLastError () returned 0x6 [0133.394] RegQueryValueExW (in: hKey=0x314, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0133.394] RegSetValueExW (in: hKey=0x314, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0133.394] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0133.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0133.394] GetLastError () returned 0x6 [0133.394] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x318) returned 0x0 [0133.395] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0133.395] GetLastError () returned 0x6 [0133.395] RegQueryValueExW (in: hKey=0x318, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0133.395] RegSetValueExW (in: hKey=0x318, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0134.463] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0134.463] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0134.464] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0134.464] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0134.464] GetLastError () returned 0x6 [0134.464] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x32c) returned 0x0 [0134.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0134.474] GetLastError () returned 0x6 [0134.474] RegQueryValueExW (in: hKey=0x32c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0134.474] RegSetValueExW (in: hKey=0x32c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0134.475] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0134.475] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0134.475] GetLastError () returned 0x6 [0134.475] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x330) returned 0x0 [0134.475] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0134.475] GetLastError () returned 0x6 [0134.475] RegQueryValueExW (in: hKey=0x330, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0134.475] RegSetValueExW (in: hKey=0x330, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0135.544] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0135.544] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0135.547] GetCurrentProcessId () returned 0x11b8 [0135.557] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x4fe738 | out: lpLuid=0x4fe738*(LowPart=0x14, HighPart=0)) returned 1 [0135.571] GetLastError () returned 0x0 [0135.572] GetCurrentProcess () returned 0xffffffff [0135.572] GetLastError () returned 0x0 [0135.577] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x4fe734 | out: TokenHandle=0x4fe734*=0x36c) returned 1 [0135.577] GetLastError () returned 0x0 [0135.670] AdjustTokenPrivileges (in: TokenHandle=0x36c, DisableAllPrivileges=0, NewState=0x2478ac8*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0135.670] GetLastError () returned 0x0 [0135.671] CloseHandle (hObject=0x36c) returned 1 [0135.671] GetLastError () returned 0x0 [0135.798] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0x11b8) returned 0x370 [0135.798] GetLastError () returned 0x0 [0135.800] GetExitCodeProcess (in: hProcess=0x370, lpExitCode=0x2478a34 | out: lpExitCode=0x2478a34*=0x103) returned 1 [0135.800] GetLastError () returned 0x0 [0135.802] GetProcessWorkingSetSize (in: hProcess=0x370, lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c | out: lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c) returned 1 [0135.803] GetLastError () returned 0x0 [0135.805] SetProcessWorkingSetSize (hProcess=0x370, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0135.947] GetLastError () returned 0x0 [0135.948] GetProcessWorkingSetSize (in: hProcess=0x370, lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c | out: lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c) returned 1 [0135.948] GetLastError () returned 0x0 [0135.949] CloseHandle (hObject=0x370) returned 1 [0135.950] GetLastError () returned 0x0 [0135.950] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0135.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0135.951] GetLastError () returned 0x0 [0135.951] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x370) returned 0x0 [0135.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0135.952] GetLastError () returned 0x0 [0135.953] RegQueryValueExW (in: hKey=0x370, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0135.953] RegSetValueExW (in: hKey=0x370, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0135.953] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0135.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0135.953] GetLastError () returned 0x0 [0135.953] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x378) returned 0x0 [0135.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0135.954] GetLastError () returned 0x0 [0135.954] RegQueryValueExW (in: hKey=0x378, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0135.954] RegSetValueExW (in: hKey=0x378, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0136.960] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0136.961] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0136.962] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0136.962] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0136.962] GetLastError () returned 0x0 [0136.962] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3b4) returned 0x0 [0136.962] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0136.962] GetLastError () returned 0x0 [0136.962] RegQueryValueExW (in: hKey=0x3b4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0136.962] RegSetValueExW (in: hKey=0x3b4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0136.963] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0136.963] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0136.963] GetLastError () returned 0x0 [0136.963] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3b8) returned 0x0 [0136.964] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0136.964] GetLastError () returned 0x0 [0136.964] RegQueryValueExW (in: hKey=0x3b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0136.964] RegSetValueExW (in: hKey=0x3b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0137.971] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0137.971] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0137.972] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0137.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0137.972] GetLastError () returned 0x0 [0137.972] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3bc) returned 0x0 [0137.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0137.972] GetLastError () returned 0x0 [0137.972] RegQueryValueExW (in: hKey=0x3bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0137.973] RegSetValueExW (in: hKey=0x3bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0137.973] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0137.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0137.973] GetLastError () returned 0x0 [0137.973] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3c0) returned 0x0 [0137.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0137.973] GetLastError () returned 0x0 [0137.973] RegQueryValueExW (in: hKey=0x3c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0137.974] RegSetValueExW (in: hKey=0x3c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0138.991] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0138.992] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0139.006] GetForegroundWindow () returned 0x2013a [0139.006] GetLastError () returned 0x0 [0139.009] GetWindowTextLengthA (hWnd=0x2013a) returned 30 [0139.010] GetLastError () returned 0x0 [0139.027] GetWindowTextA (in: hWnd=0x2013a, lpString=0x4fece0, nMaxCount=31 | out: lpString="Blank Page - Internet Explorer") returned 30 [0139.027] GetLastError () returned 0x0 [0139.061] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0139.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0139.061] GetLastError () returned 0x0 [0139.061] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3c4) returned 0x0 [0139.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0139.061] GetLastError () returned 0x0 [0139.061] RegQueryValueExW (in: hKey=0x3c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0139.061] RegSetValueExW (in: hKey=0x3c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0139.062] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0139.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0139.062] GetLastError () returned 0x0 [0139.062] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3c8) returned 0x0 [0139.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0139.062] GetLastError () returned 0x0 [0139.062] RegQueryValueExW (in: hKey=0x3c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0139.062] RegSetValueExW (in: hKey=0x3c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0140.065] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0140.065] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0140.065] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0140.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0140.065] GetLastError () returned 0x0 [0140.066] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3cc) returned 0x0 [0140.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0140.066] GetLastError () returned 0x0 [0140.066] RegQueryValueExW (in: hKey=0x3cc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0140.066] RegSetValueExW (in: hKey=0x3cc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0140.066] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0140.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0140.067] GetLastError () returned 0x0 [0140.067] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3d0) returned 0x0 [0140.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0140.067] GetLastError () returned 0x0 [0140.067] RegQueryValueExW (in: hKey=0x3d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0140.067] RegSetValueExW (in: hKey=0x3d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0141.086] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0141.086] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0141.087] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0141.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0141.087] GetLastError () returned 0x0 [0141.087] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3d4) returned 0x0 [0141.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0141.087] GetLastError () returned 0x0 [0141.087] RegQueryValueExW (in: hKey=0x3d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0141.087] RegSetValueExW (in: hKey=0x3d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0141.087] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0141.087] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0141.087] GetLastError () returned 0x0 [0141.088] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3d8) returned 0x0 [0141.088] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0141.088] GetLastError () returned 0x0 [0141.088] RegQueryValueExW (in: hKey=0x3d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0141.088] RegSetValueExW (in: hKey=0x3d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0142.094] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0142.094] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0142.095] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0142.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0142.095] GetLastError () returned 0x0 [0142.095] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3dc) returned 0x0 [0142.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0142.095] GetLastError () returned 0x0 [0142.095] RegQueryValueExW (in: hKey=0x3dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0142.095] RegSetValueExW (in: hKey=0x3dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0142.096] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0142.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0142.096] GetLastError () returned 0x0 [0142.096] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3e0) returned 0x0 [0142.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0142.096] GetLastError () returned 0x0 [0142.096] RegQueryValueExW (in: hKey=0x3e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0142.096] RegSetValueExW (in: hKey=0x3e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0143.117] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0143.117] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0143.117] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0143.117] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0143.117] GetLastError () returned 0x0 [0143.118] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3e4) returned 0x0 [0143.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0143.118] GetLastError () returned 0x0 [0143.118] RegQueryValueExW (in: hKey=0x3e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0143.118] RegSetValueExW (in: hKey=0x3e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0143.118] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0143.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0143.118] GetLastError () returned 0x0 [0143.119] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3e8) returned 0x0 [0143.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0143.119] GetLastError () returned 0x0 [0143.119] RegQueryValueExW (in: hKey=0x3e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0143.119] RegSetValueExW (in: hKey=0x3e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0145.135] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x4feef4 | out: lplpMessageFilter=0x4feef4*=0x0) returned 0x0 [0145.136] PeekMessageW (in: lpMsg=0x4feecc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4feecc) returned 0 [0145.136] GetCurrentProcessId () returned 0x11b8 [0145.136] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0x11b8) returned 0x3ec [0145.137] GetLastError () returned 0x0 [0145.137] GetExitCodeProcess (in: hProcess=0x3ec, lpExitCode=0x24966a0 | out: lpExitCode=0x24966a0*=0x103) returned 1 [0145.137] GetLastError () returned 0x0 [0145.137] GetProcessWorkingSetSize (in: hProcess=0x3ec, lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c | out: lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c) returned 1 [0145.137] GetLastError () returned 0x0 [0145.137] SetProcessWorkingSetSize (hProcess=0x3ec, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0145.251] GetLastError () returned 0x0 [0145.252] GetProcessWorkingSetSize (in: hProcess=0x3ec, lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c | out: lpMinimumWorkingSetSize=0x4fef60, lpMaximumWorkingSetSize=0x4fef5c) returned 1 [0145.252] GetLastError () returned 0x0 [0145.253] CloseHandle (hObject=0x3ec) returned 1 [0145.254] GetLastError () returned 0x0 [0145.255] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0145.256] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0145.256] GetLastError () returned 0x0 [0145.257] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3ec) returned 0x0 [0145.259] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0145.259] GetLastError () returned 0x0 [0145.259] RegQueryValueExW (in: hKey=0x3ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0145.260] RegSetValueExW (in: hKey=0x3ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0145.260] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef64, lpData=0x0, lpcbData=0x4fef60*=0x0 | out: lpType=0x4fef64*=0x0, lpData=0x0, lpcbData=0x4fef60*=0x0) returned 0x2 [0145.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0145.260] GetLastError () returned 0x0 [0145.260] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x4fef28 | out: phkResult=0x4fef28*=0x3f4) returned 0x0 [0145.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x4fea60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0145.260] GetLastError () returned 0x0 [0145.260] RegQueryValueExW (in: hKey=0x3f4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x4fef28, lpData=0x0, lpcbData=0x4fef24*=0x0 | out: lpType=0x4fef28*=0x1, lpData=0x0, lpcbData=0x4fef24*=0x72) returned 0x0 [0145.261] RegSetValueExW (in: hKey=0x3f4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 Thread: id = 11 os_tid = 0x11a0 Thread: id = 13 os_tid = 0x11c4 Thread: id = 14 os_tid = 0x11a8 [0101.478] CoGetContextToken (in: pToken=0x45cf4a8 | out: pToken=0x45cf4a8) returned 0x800401f0 [0101.478] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 23 os_tid = 0x6b8 [0124.055] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0126.566] CreateFileMappingW (hFile=0x2dc, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2e0 [0129.071] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x485ee04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0129.071] GetLastError () returned 0x0 [0129.071] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x485edb8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0129.071] GetLastError () returned 0x0 [0129.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x485edbc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0129.074] GetLastError () returned 0x0 [0129.517] CreateFileMappingW (hFile=0x2e4, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2e8 [0130.520] GetVersionExW (in: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0130.520] GetLastError () returned 0x0 [0130.522] GetCurrentProcess () returned 0xffffffff [0130.522] GetLastError () returned 0x3f0 [0130.684] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485eecc | out: TokenHandle=0x485eecc*=0x2fc) returned 1 [0130.684] GetLastError () returned 0x3f0 [0130.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x485ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0130.702] GetLastError () returned 0x0 [0130.950] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x485ef10 | out: lpFileInformation=0x485ef10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0130.950] GetLastError () returned 0x0 [0131.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x485ea24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.089] GetLastError () returned 0x0 [0131.179] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x485ef08 | out: lpFileInformation=0x485ef08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0131.179] GetLastError () returned 0x0 [0131.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x485e970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0131.180] GetLastError () returned 0x0 [0131.181] SetErrorMode (uMode=0x1) returned 0x0 [0131.183] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x304 [0131.183] GetLastError () returned 0x0 [0131.185] GetFileType (hFile=0x304) returned 0x1 [0131.185] SetErrorMode (uMode=0x0) returned 0x1 [0131.185] GetFileType (hFile=0x304) returned 0x1 [0131.556] GetFileSize (in: hFile=0x304, lpFileSizeHigh=0x485eeec | out: lpFileSizeHigh=0x485eeec*=0x0) returned 0x65b3 [0131.556] GetLastError () returned 0x0 [0131.558] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485eea4, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485eea4*=0x1000, lpOverlapped=0x0) returned 1 [0131.559] GetLastError () returned 0x0 [0133.363] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485eac0, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485eac0*=0x1000, lpOverlapped=0x0) returned 1 [0133.363] GetLastError () returned 0x0 [0133.408] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485e904, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485e904*=0x1000, lpOverlapped=0x0) returned 1 [0133.408] GetLastError () returned 0x0 [0133.408] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485e904, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485e904*=0x1000, lpOverlapped=0x0) returned 1 [0133.408] GetLastError () returned 0x0 [0133.408] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485e904, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485e904*=0x1000, lpOverlapped=0x0) returned 1 [0133.408] GetLastError () returned 0x0 [0134.067] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485ea34, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485ea34*=0x1000, lpOverlapped=0x0) returned 1 [0134.067] GetLastError () returned 0x0 [0134.068] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485e7ec, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485e7ec*=0x5b3, lpOverlapped=0x0) returned 1 [0134.068] GetLastError () returned 0x0 [0134.068] ReadFile (in: hFile=0x304, lpBuffer=0x2455c80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x485e988, lpOverlapped=0x0 | out: lpBuffer=0x2455c80*, lpNumberOfBytesRead=0x485e988*=0x0, lpOverlapped=0x0) returned 1 [0134.068] GetLastError () returned 0x0 [0134.088] CloseHandle (hObject=0x304) returned 1 [0134.088] GetLastError () returned 0x0 [0134.145] GetCurrentProcess () returned 0xffffffff [0134.145] GetLastError () returned 0x3f0 [0134.145] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485f1e0 | out: TokenHandle=0x485f1e0*=0x304) returned 1 [0134.145] GetLastError () returned 0x3f0 [0134.148] GetCurrentProcess () returned 0xffffffff [0134.148] GetLastError () returned 0x3f0 [0134.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485f1e0 | out: TokenHandle=0x485f1e0*=0x31c) returned 1 [0134.149] GetLastError () returned 0x3f0 [0134.153] GetCurrentProcess () returned 0xffffffff [0134.153] GetLastError () returned 0x3f0 [0134.153] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485eecc | out: TokenHandle=0x485eecc*=0x320) returned 1 [0134.153] GetLastError () returned 0x3f0 [0134.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.config"), fInfoLevelId=0x0, lpFileInformation=0x485ef10 | out: lpFileInformation=0x485ef10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.155] GetLastError () returned 0x2 [0134.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x485ea24, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0134.156] GetLastError () returned 0x2 [0134.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.config"), fInfoLevelId=0x0, lpFileInformation=0x485ef08 | out: lpFileInformation=0x485ef08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.157] GetLastError () returned 0x2 [0134.157] GetCurrentProcess () returned 0xffffffff [0134.157] GetLastError () returned 0x3f0 [0134.157] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485f1e0 | out: TokenHandle=0x485f1e0*=0x324) returned 1 [0134.157] GetLastError () returned 0x3f0 [0134.165] GetCurrentProcess () returned 0xffffffff [0134.165] GetLastError () returned 0x3f0 [0134.165] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485f1e0 | out: TokenHandle=0x485f1e0*=0x328) returned 1 [0134.165] GetLastError () returned 0x3f0 [0134.616] GetCurrentProcess () returned 0xffffffff [0134.616] GetLastError () returned 0x3f0 [0134.616] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485efc4 | out: TokenHandle=0x485efc4*=0x334) returned 1 [0134.616] GetLastError () returned 0x3f0 [0135.783] GetCurrentProcess () returned 0xffffffff [0135.783] GetLastError () returned 0x3f0 [0135.783] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485efd4 | out: TokenHandle=0x485efd4*=0x36c) returned 1 [0135.783] GetLastError () returned 0x3f0 [0136.126] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x6344d0 | out: lpWSAData=0x6344d0) returned 0 [0136.132] GetLastError () returned 0x0 [0136.191] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x485ebbc | out: phkResult=0x485ebbc*=0x398) returned 0x0 [0136.191] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x485ec04, lpData=0x0, lpcbData=0x485ec00*=0x0 | out: lpType=0x485ec04*=0x1, lpData=0x0, lpcbData=0x485ec00*=0xe) returned 0x0 [0136.194] RegQueryValueExW (in: hKey=0x398, lpValueName="InstallationType", lpReserved=0x0, lpType=0x485ec04, lpData=0x6344d0, lpcbData=0x485ec00*=0xe | out: lpType=0x485ec04*=0x1, lpData="Client", lpcbData=0x485ec00*=0xe) returned 0x0 [0136.194] RegCloseKey (hKey=0x398) returned 0x0 [0136.201] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x39c [0136.216] GetLastError () returned 0x0 [0136.216] setsockopt (s=0x39c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0136.216] GetLastError () returned 0x273a [0136.216] closesocket (s=0x39c) returned 0 [0136.217] GetLastError () returned 0x0 [0136.217] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x39c [0136.218] GetLastError () returned 0x0 [0136.218] setsockopt (s=0x39c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0136.218] GetLastError () returned 0x273a [0136.219] closesocket (s=0x39c) returned 0 [0136.219] GetLastError () returned 0x0 [0136.227] GetCurrentProcess () returned 0xffffffff [0136.227] GetLastError () returned 0x3f0 [0136.227] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485efdc | out: TokenHandle=0x485efdc*=0x39c) returned 1 [0136.227] GetLastError () returned 0x3f0 [0136.292] GetCurrentProcess () returned 0xffffffff [0136.292] GetLastError () returned 0x3f0 [0136.292] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x485efec | out: TokenHandle=0x485efec*=0x3a0) returned 1 [0136.292] GetLastError () returned 0x3f0 [0136.441] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x485ede4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0136.441] GetLastError () returned 0x3f0 [0136.443] GetCurrentProcessId () returned 0x11b8 [0136.502] GetComputerNameW (in: lpBuffer=0x6344d0, nSize=0x2480718 | out: lpBuffer="XC64ZB", nSize=0x2480718) returned 1 [0136.504] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x485f248 | out: phkResult=0x485f248*=0x3a4) returned 0x0 [0136.504] RegQueryValueExW (in: hKey=0x3a4, lpValueName="Library", lpReserved=0x0, lpType=0x485f284, lpData=0x0, lpcbData=0x485f280*=0x0 | out: lpType=0x485f284*=0x2, lpData=0x0, lpcbData=0x485f280*=0x48) returned 0x0 [0136.505] RegQueryValueExW (in: hKey=0x3a4, lpValueName="Library", lpReserved=0x0, lpType=0x485f284, lpData=0x6344d0, lpcbData=0x485f280*=0x48 | out: lpType=0x485f284*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x485f280*=0x48) returned 0x0 [0136.505] RegQueryValueExW (in: hKey=0x3a4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x485f290, lpData=0x0, lpcbData=0x485f28c*=0x0 | out: lpType=0x485f290*=0x4, lpData=0x0, lpcbData=0x485f28c*=0x4) returned 0x0 [0136.507] RegQueryValueExW (in: hKey=0x3a4, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x485f290, lpData=0x485f27c, lpcbData=0x485f28c*=0x4 | out: lpType=0x485f290*=0x4, lpData=0x485f27c*=0x1, lpcbData=0x485f28c*=0x4) returned 0x0 [0136.507] RegQueryValueExW (in: hKey=0x3a4, lpValueName="First Counter", lpReserved=0x0, lpType=0x485f290, lpData=0x0, lpcbData=0x485f28c*=0x0 | out: lpType=0x485f290*=0x4, lpData=0x0, lpcbData=0x485f28c*=0x4) returned 0x0 [0136.507] RegQueryValueExW (in: hKey=0x3a4, lpValueName="First Counter", lpReserved=0x0, lpType=0x485f290, lpData=0x485f27c, lpcbData=0x485f28c*=0x4 | out: lpType=0x485f290*=0x4, lpData=0x485f27c*=0x1770, lpcbData=0x485f28c*=0x4) returned 0x0 [0136.507] RegCloseKey (hKey=0x3a4) returned 0x0 [0136.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x485f238 | out: phkResult=0x485f238*=0x3a4) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x485f280, lpData=0x0, lpcbData=0x485f27c*=0x0 | out: lpType=0x485f280*=0x4, lpData=0x0, lpcbData=0x485f27c*=0x4) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x485f280, lpData=0x485f26c, lpcbData=0x485f27c*=0x4 | out: lpType=0x485f280*=0x4, lpData=0x485f26c*=0x3, lpcbData=0x485f27c*=0x4) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x485f280, lpData=0x0, lpcbData=0x485f27c*=0x0 | out: lpType=0x485f280*=0x4, lpData=0x0, lpcbData=0x485f27c*=0x4) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x485f280, lpData=0x485f26c, lpcbData=0x485f27c*=0x4 | out: lpType=0x485f280*=0x4, lpData=0x485f26c*=0x20000, lpcbData=0x485f27c*=0x4) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x485f280, lpData=0x0, lpcbData=0x485f27c*=0x0 | out: lpType=0x485f280*=0x3, lpData=0x0, lpcbData=0x485f27c*=0xaa) returned 0x0 [0136.510] RegQueryValueExW (in: hKey=0x3a4, lpValueName="Counter Names", lpReserved=0x0, lpType=0x485f280, lpData=0x2482e14, lpcbData=0x485f27c*=0xaa | out: lpType=0x485f280*=0x3, lpData=0x2482e14*, lpcbData=0x485f27c*=0xaa) returned 0x0 [0136.515] ConvertStringSecurityDescriptorToSecurityDescriptorW (in: StringSecurityDescriptor="D:(A;OICI;FRFWGRGW;;;AU)(A;OICI;FRFWGRGW;;;S-1-5-33)", StringSDRevision=0x1, SecurityDescriptor=0x485f1ec, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x485f1ec*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8004, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Sacl=0x0*(AclRevision=0x0, Sbz1=0x0, AclSize=0x0, AceCount=0x14, Sbz2=0x0), Dacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x30)), SecurityDescriptorSize=0x0) returned 1 [0136.518] GetLastError () returned 0x0 [0136.521] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x634500, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x3b0 [0136.521] GetLastError () returned 0x0 [0136.522] MapViewOfFile (hFileMappingObject=0x3b0, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4be0000 [0136.524] VirtualQuery (in: lpAddress=0x4be0000, lpBuffer=0x485f250, dwLength=0x1c | out: lpBuffer=0x485f250*(BaseAddress=0x4be0000, AllocationBase=0x4be0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0136.524] GetLastError () returned 0x0 [0136.524] LocalFree (hMem=0x63cdc0) returned 0x0 [0136.524] RegCloseKey (hKey=0x3a4) returned 0x0 [0136.537] GetVersionExW (in: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0136.537] GetLastError () returned 0x0 [0136.537] GetVersionExW (in: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6344e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0136.538] GetLastError () returned 0x0 [0136.540] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x248385c, cbSid=0x485f230 | out: pSid=0x248385c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f230) returned 1 [0136.540] GetLastError () returned 0x0 [0136.543] CreateMutexW (lpMutexAttributes=0x24839ac, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.543] GetLastError () returned 0x0 [0136.545] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.545] GetLastError () returned 0x0 [0136.545] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2483b80, cbSid=0x485f1f0 | out: pSid=0x2483b80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f1f0) returned 1 [0136.545] GetLastError () returned 0x0 [0136.545] CreateMutexW (lpMutexAttributes=0x2483c90, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0136.546] GetLastError () returned 0x5 [0136.548] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x3b4 [0136.548] GetLastError () returned 0x5 [0136.548] WaitForSingleObject (hHandle=0x3b4, dwMilliseconds=0x1f4) returned 0x0 [0136.548] GetLastError () returned 0x5 [0136.548] ReleaseMutex (hMutex=0x3b4) returned 1 [0136.548] GetLastError () returned 0x5 [0136.548] CloseHandle (hObject=0x3b4) returned 1 [0136.548] GetLastError () returned 0x5 [0136.548] GetCurrentProcessId () returned 0x11b8 [0136.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x11b8) returned 0x3b4 [0136.549] GetLastError () returned 0x5 [0136.551] GetProcessTimes (in: hProcess=0x3b4, lpCreationTime=0x485f1f4, lpExitTime=0x485f1ec, lpKernelTime=0x485f1ec, lpUserTime=0x485f1ec | out: lpCreationTime=0x485f1f4, lpExitTime=0x485f1ec, lpKernelTime=0x485f1ec, lpUserTime=0x485f1ec) returned 1 [0136.551] GetLastError () returned 0x5 [0136.552] CloseHandle (hObject=0x3b4) returned 1 [0136.552] GetLastError () returned 0x5 [0136.553] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.553] GetLastError () returned 0x5 [0136.553] CloseHandle (hObject=0x3a4) returned 1 [0136.553] GetLastError () returned 0x5 [0136.553] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2484454, cbSid=0x485f230 | out: pSid=0x2484454*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f230) returned 1 [0136.553] GetLastError () returned 0x5 [0136.554] CreateMutexW (lpMutexAttributes=0x2484564, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.554] GetLastError () returned 0x0 [0136.554] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.554] GetLastError () returned 0x0 [0136.556] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.556] GetLastError () returned 0x0 [0136.556] CloseHandle (hObject=0x3a4) returned 1 [0136.556] GetLastError () returned 0x0 [0136.556] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2484db4, cbSid=0x485f230 | out: pSid=0x2484db4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f230) returned 1 [0136.556] GetLastError () returned 0x0 [0136.556] CreateMutexW (lpMutexAttributes=0x2484ec4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.556] GetLastError () returned 0x0 [0136.557] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.557] GetLastError () returned 0x0 [0136.557] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.557] GetLastError () returned 0x0 [0136.557] CloseHandle (hObject=0x3a4) returned 1 [0136.557] GetLastError () returned 0x0 [0136.557] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2485534, cbSid=0x485f230 | out: pSid=0x2485534*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f230) returned 1 [0136.557] GetLastError () returned 0x0 [0136.558] CreateMutexW (lpMutexAttributes=0x2485644, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.558] GetLastError () returned 0x0 [0136.558] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.558] GetLastError () returned 0x0 [0136.558] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.558] GetLastError () returned 0x0 [0136.558] CloseHandle (hObject=0x3a4) returned 1 [0136.558] GetLastError () returned 0x0 [0136.558] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2485cac, cbSid=0x485f230 | out: pSid=0x2485cac*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f230) returned 1 [0136.558] GetLastError () returned 0x0 [0136.560] CreateMutexW (lpMutexAttributes=0x2485dbc, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.560] GetLastError () returned 0x0 [0136.560] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.560] GetLastError () returned 0x0 [0136.560] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.560] GetLastError () returned 0x0 [0136.561] CloseHandle (hObject=0x3a4) returned 1 [0136.561] GetLastError () returned 0x0 [0136.561] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2486438, cbSid=0x485f228 | out: pSid=0x2486438*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f228) returned 1 [0136.561] GetLastError () returned 0x0 [0136.561] CreateMutexW (lpMutexAttributes=0x2486548, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.561] GetLastError () returned 0x0 [0136.562] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.562] GetLastError () returned 0x0 [0136.562] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.562] GetLastError () returned 0x0 [0136.562] CloseHandle (hObject=0x3a4) returned 1 [0136.562] GetLastError () returned 0x0 [0136.562] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2486bd0, cbSid=0x485f228 | out: pSid=0x2486bd0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f228) returned 1 [0136.562] GetLastError () returned 0x0 [0136.562] CreateMutexW (lpMutexAttributes=0x2486ce0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.563] GetLastError () returned 0x0 [0136.563] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.563] GetLastError () returned 0x0 [0136.563] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.563] GetLastError () returned 0x0 [0136.563] CloseHandle (hObject=0x3a4) returned 1 [0136.563] GetLastError () returned 0x0 [0136.563] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2487344, cbSid=0x485f228 | out: pSid=0x2487344*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f228) returned 1 [0136.563] GetLastError () returned 0x0 [0136.563] CreateMutexW (lpMutexAttributes=0x2487454, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.564] GetLastError () returned 0x0 [0136.564] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.564] GetLastError () returned 0x0 [0136.564] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.564] GetLastError () returned 0x0 [0136.564] CloseHandle (hObject=0x3a4) returned 1 [0136.564] GetLastError () returned 0x0 [0136.564] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2487ac8, cbSid=0x485f228 | out: pSid=0x2487ac8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f228) returned 1 [0136.564] GetLastError () returned 0x0 [0136.564] CreateMutexW (lpMutexAttributes=0x2487bd8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.565] GetLastError () returned 0x0 [0136.565] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.565] GetLastError () returned 0x0 [0136.565] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.565] GetLastError () returned 0x0 [0136.565] CloseHandle (hObject=0x3a4) returned 1 [0136.565] GetLastError () returned 0x0 [0136.565] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x2488244, cbSid=0x485f228 | out: pSid=0x2488244*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x485f228) returned 1 [0136.565] GetLastError () returned 0x0 [0136.566] CreateMutexW (lpMutexAttributes=0x2488354, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x3a4 [0136.566] GetLastError () returned 0x0 [0136.566] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0x1f4) returned 0x0 [0136.566] GetLastError () returned 0x0 [0136.566] ReleaseMutex (hMutex=0x3a4) returned 1 [0136.566] GetLastError () returned 0x0 [0136.566] CloseHandle (hObject=0x3a4) returned 1 [0136.566] GetLastError () returned 0x0 [0136.577] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3a4 [0136.578] GetLastError () returned 0x0 [0136.579] setsockopt (s=0x3a4, level=65535, optname=4098, optval="", optlen=4) returned 0 [0136.579] GetLastError () returned 0x0 [0136.579] setsockopt (s=0x3a4, level=65535, optname=4097, optval="", optlen=4) returned 0 [0136.580] GetLastError () returned 0x0 [0136.581] setsockopt (s=0x3a4, level=65535, optname=4101, optval="\x10'", optlen=4) returned 0 [0136.581] GetLastError () returned 0x0 [0136.581] setsockopt (s=0x3a4, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0136.581] GetLastError () returned 0x0 [0136.709] inet_addr (cp="10.10.1.11") returned 0xb010a0a [0136.709] GetLastError () returned 0x0 [0136.714] WSAConnect (s=0x3a4, name=0x24889c8*(sa_family=2, sin_port=0x15b0, sin_addr="10.10.1.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0) Thread: id = 24 os_tid = 0xa18 [0124.170] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0124.299] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x20019, phkResult=0x48df1e8 | out: phkResult=0x48df1e8*=0x0) returned 0x2 [0124.845] GetAsyncKeyState (vKey=0) returned 0 [0124.846] GetLastError () returned 0x0 [0125.643] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc150 [0125.644] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1da [0125.699] GetKeyState (nVirtKey=16) returned 0 [0125.699] GetKeyState (nVirtKey=17) returned 0 [0125.699] GetKeyState (nVirtKey=18) returned 0 [0125.699] GetAsyncKeyState (vKey=1) returned 0 [0125.699] GetLastError () returned 0x0 [0125.699] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=2) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=3) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=4) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=5) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=6) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=7) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=8) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.700] GetKeyState (nVirtKey=17) returned 0 [0125.700] GetKeyState (nVirtKey=18) returned 0 [0125.700] GetAsyncKeyState (vKey=9) returned 0 [0125.700] GetLastError () returned 0x0 [0125.700] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=10) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=11) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=12) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=13) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=14) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=15) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=16) returned 0 [0125.701] GetLastError () returned 0x0 [0125.701] GetKeyState (nVirtKey=16) returned 0 [0125.701] GetKeyState (nVirtKey=17) returned 0 [0125.701] GetKeyState (nVirtKey=18) returned 0 [0125.701] GetAsyncKeyState (vKey=17) returned 0 [0125.701] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=18) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=19) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=20) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=21) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=22) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.702] GetKeyState (nVirtKey=18) returned 0 [0125.702] GetAsyncKeyState (vKey=23) returned 0 [0125.702] GetLastError () returned 0x0 [0125.702] GetKeyState (nVirtKey=16) returned 0 [0125.702] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=24) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=25) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=26) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=27) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=28) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=29) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=30) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.703] GetKeyState (nVirtKey=17) returned 0 [0125.703] GetKeyState (nVirtKey=18) returned 0 [0125.703] GetAsyncKeyState (vKey=31) returned 0 [0125.703] GetLastError () returned 0x0 [0125.703] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=32) returned 0 [0125.704] GetLastError () returned 0x0 [0125.704] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=33) returned 0 [0125.704] GetLastError () returned 0x0 [0125.704] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=34) returned 0 [0125.704] GetLastError () returned 0x0 [0125.704] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=35) returned 0 [0125.704] GetLastError () returned 0x0 [0125.704] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=36) returned 0 [0125.704] GetLastError () returned 0x0 [0125.704] GetKeyState (nVirtKey=16) returned 0 [0125.704] GetKeyState (nVirtKey=17) returned 0 [0125.704] GetKeyState (nVirtKey=18) returned 0 [0125.704] GetAsyncKeyState (vKey=37) returned 0 [0125.704] GetLastError () returned 0x0 [0125.705] GetKeyState (nVirtKey=16) returned 0 [0125.705] GetKeyState (nVirtKey=17) returned 0 [0125.705] GetKeyState (nVirtKey=18) returned 0 [0125.705] GetAsyncKeyState (vKey=38) returned 0 [0125.706] GetLastError () returned 0x0 [0125.706] GetKeyState (nVirtKey=16) returned 0 [0125.706] GetKeyState (nVirtKey=17) returned 0 [0125.706] GetKeyState (nVirtKey=18) returned 0 [0125.706] GetAsyncKeyState (vKey=39) returned 0 [0125.706] GetLastError () returned 0x0 [0125.706] GetKeyState (nVirtKey=16) returned 0 [0125.706] GetKeyState (nVirtKey=17) returned 0 [0125.706] GetKeyState (nVirtKey=18) returned 0 [0125.706] GetAsyncKeyState (vKey=40) returned 0 [0125.706] GetLastError () returned 0x0 [0125.706] GetKeyState (nVirtKey=16) returned 0 [0125.706] GetKeyState (nVirtKey=17) returned 0 [0125.706] GetKeyState (nVirtKey=18) returned 0 [0125.706] GetAsyncKeyState (vKey=41) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.707] GetKeyState (nVirtKey=18) returned 0 [0125.707] GetAsyncKeyState (vKey=42) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.707] GetKeyState (nVirtKey=18) returned 0 [0125.707] GetAsyncKeyState (vKey=43) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.707] GetKeyState (nVirtKey=18) returned 0 [0125.707] GetAsyncKeyState (vKey=44) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.707] GetKeyState (nVirtKey=18) returned 0 [0125.707] GetAsyncKeyState (vKey=45) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.707] GetKeyState (nVirtKey=18) returned 0 [0125.707] GetAsyncKeyState (vKey=46) returned 0 [0125.707] GetLastError () returned 0x0 [0125.707] GetKeyState (nVirtKey=16) returned 0 [0125.707] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=47) returned 0 [0125.708] GetLastError () returned 0x0 [0125.708] GetKeyState (nVirtKey=16) returned 0 [0125.708] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=48) returned 0 [0125.708] GetLastError () returned 0x0 [0125.708] GetKeyState (nVirtKey=16) returned 0 [0125.708] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=49) returned 0 [0125.708] GetLastError () returned 0x0 [0125.708] GetKeyState (nVirtKey=16) returned 0 [0125.708] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=50) returned 0 [0125.708] GetLastError () returned 0x0 [0125.708] GetKeyState (nVirtKey=16) returned 0 [0125.708] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=51) returned 0 [0125.708] GetLastError () returned 0x0 [0125.708] GetKeyState (nVirtKey=16) returned 0 [0125.708] GetKeyState (nVirtKey=17) returned 0 [0125.708] GetKeyState (nVirtKey=18) returned 0 [0125.708] GetAsyncKeyState (vKey=52) returned 0 [0125.708] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=53) returned 0 [0125.709] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=54) returned 0 [0125.709] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=55) returned 0 [0125.709] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=56) returned 0 [0125.709] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=57) returned 0 [0125.709] GetLastError () returned 0x0 [0125.709] GetKeyState (nVirtKey=16) returned 0 [0125.709] GetKeyState (nVirtKey=17) returned 0 [0125.709] GetKeyState (nVirtKey=18) returned 0 [0125.709] GetAsyncKeyState (vKey=58) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.710] GetAsyncKeyState (vKey=59) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.710] GetAsyncKeyState (vKey=60) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.710] GetAsyncKeyState (vKey=61) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.710] GetAsyncKeyState (vKey=62) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.710] GetAsyncKeyState (vKey=63) returned 0 [0125.710] GetLastError () returned 0x0 [0125.710] GetKeyState (nVirtKey=16) returned 0 [0125.710] GetKeyState (nVirtKey=17) returned 0 [0125.710] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=64) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.711] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=65) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.711] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=66) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.711] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=67) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.711] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=68) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.711] GetKeyState (nVirtKey=18) returned 0 [0125.711] GetAsyncKeyState (vKey=69) returned 0 [0125.711] GetLastError () returned 0x0 [0125.711] GetKeyState (nVirtKey=16) returned 0 [0125.711] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=70) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.712] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=71) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.712] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=72) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.712] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=73) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.712] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=74) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.712] GetKeyState (nVirtKey=17) returned 0 [0125.712] GetKeyState (nVirtKey=18) returned 0 [0125.712] GetAsyncKeyState (vKey=75) returned 0 [0125.712] GetLastError () returned 0x0 [0125.712] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=76) returned 0 [0125.713] GetLastError () returned 0x0 [0125.713] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=77) returned 0 [0125.713] GetLastError () returned 0x0 [0125.713] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=78) returned 0 [0125.713] GetLastError () returned 0x0 [0125.713] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=79) returned 0 [0125.713] GetLastError () returned 0x0 [0125.713] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=80) returned 0 [0125.713] GetLastError () returned 0x0 [0125.713] GetKeyState (nVirtKey=16) returned 0 [0125.713] GetKeyState (nVirtKey=17) returned 0 [0125.713] GetKeyState (nVirtKey=18) returned 0 [0125.713] GetAsyncKeyState (vKey=81) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetKeyState (nVirtKey=16) returned 0 [0125.714] GetKeyState (nVirtKey=17) returned 0 [0125.714] GetKeyState (nVirtKey=18) returned 0 [0125.714] GetAsyncKeyState (vKey=82) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetKeyState (nVirtKey=16) returned 0 [0125.714] GetKeyState (nVirtKey=17) returned 0 [0125.714] GetKeyState (nVirtKey=18) returned 0 [0125.714] GetAsyncKeyState (vKey=83) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=84) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=85) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=86) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=87) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=88) returned 0 [0125.714] GetLastError () returned 0x0 [0125.714] GetAsyncKeyState (vKey=89) returned 0 [0125.714] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=90) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=91) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=92) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=93) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=94) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=95) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=96) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=97) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=98) returned 0 [0125.715] GetLastError () returned 0x0 [0125.715] GetAsyncKeyState (vKey=99) returned 0 [0125.715] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=100) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=101) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=102) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=103) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=104) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=105) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=106) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=107) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=108) returned 0 [0125.716] GetLastError () returned 0x0 [0125.716] GetAsyncKeyState (vKey=109) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=110) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=111) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=112) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=113) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=114) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=115) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=116) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=117) returned 0 [0125.717] GetLastError () returned 0x0 [0125.717] GetAsyncKeyState (vKey=118) returned 0 [0125.719] GetLastError () returned 0x0 [0125.719] GetAsyncKeyState (vKey=119) returned 0 [0125.719] GetLastError () returned 0x0 [0125.719] GetAsyncKeyState (vKey=120) returned 0 [0125.719] GetLastError () returned 0x0 [0125.719] GetAsyncKeyState (vKey=121) returned 0 [0125.719] GetLastError () returned 0x0 [0125.719] GetAsyncKeyState (vKey=122) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=123) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=124) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=125) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=126) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=127) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=128) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=129) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=130) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=131) returned 0 [0125.720] GetLastError () returned 0x0 [0125.720] GetAsyncKeyState (vKey=132) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=133) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=134) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=135) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=136) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=137) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=138) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=139) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=140) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=141) returned 0 [0125.721] GetLastError () returned 0x0 [0125.721] GetAsyncKeyState (vKey=142) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=143) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=144) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=145) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=146) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=147) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=148) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=149) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=150) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=151) returned 0 [0125.722] GetLastError () returned 0x0 [0125.722] GetAsyncKeyState (vKey=152) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=153) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=154) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=155) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=156) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=157) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=158) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=159) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=160) returned 0 [0125.723] GetLastError () returned 0x0 [0125.723] GetAsyncKeyState (vKey=161) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=162) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=163) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=164) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=165) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=166) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=167) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=168) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=169) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=170) returned 0 [0125.724] GetLastError () returned 0x0 [0125.724] GetAsyncKeyState (vKey=171) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=172) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=173) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=174) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=175) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=176) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=177) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=178) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=179) returned 0 [0125.725] GetLastError () returned 0x0 [0125.725] GetAsyncKeyState (vKey=180) returned 0 [0125.725] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=181) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=182) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=183) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=184) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=185) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=186) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=187) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=188) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=189) returned 0 [0125.726] GetLastError () returned 0x0 [0125.726] GetAsyncKeyState (vKey=190) returned 0 [0125.726] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=191) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=192) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=193) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=194) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=195) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=196) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=197) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=198) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=199) returned 0 [0125.727] GetLastError () returned 0x0 [0125.727] GetAsyncKeyState (vKey=200) returned 0 [0125.727] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=201) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=202) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=203) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=204) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=205) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=206) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=207) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=208) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=209) returned 0 [0125.728] GetLastError () returned 0x0 [0125.728] GetAsyncKeyState (vKey=210) returned 0 [0125.728] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=211) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=212) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=213) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=214) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=215) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=216) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=217) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=218) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=219) returned 0 [0125.729] GetLastError () returned 0x0 [0125.729] GetAsyncKeyState (vKey=220) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=221) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=222) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=223) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=224) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=225) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=226) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=227) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=228) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=229) returned 0 [0125.730] GetLastError () returned 0x0 [0125.730] GetAsyncKeyState (vKey=230) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=231) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=232) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=233) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=234) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=235) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=236) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=237) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=238) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=239) returned 0 [0125.731] GetLastError () returned 0x0 [0125.731] GetAsyncKeyState (vKey=240) returned 0 [0125.732] GetLastError () returned 0x0 [0125.732] GetAsyncKeyState (vKey=241) returned 0 [0125.732] GetLastError () returned 0x0 [0125.732] GetAsyncKeyState (vKey=242) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=243) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=244) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=245) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=246) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=247) returned 0 [0125.771] GetLastError () returned 0x0 [0125.771] GetAsyncKeyState (vKey=248) returned 0 [0125.772] GetLastError () returned 0x0 [0125.772] GetAsyncKeyState (vKey=249) returned 0 [0125.772] GetLastError () returned 0x0 [0135.997] GetKeyState (nVirtKey=17) returned 0 [0135.997] GetKeyState (nVirtKey=18) returned 0 [0135.997] GetAsyncKeyState (vKey=1) returned 0 [0135.997] GetLastError () returned 0x0 [0135.997] GetKeyState (nVirtKey=16) returned 0 [0135.997] GetKeyState (nVirtKey=17) returned 0 [0135.997] GetKeyState (nVirtKey=18) returned 0 [0135.997] GetAsyncKeyState (vKey=2) returned 0 [0135.997] GetLastError () returned 0x0 [0135.997] GetKeyState (nVirtKey=16) returned 0 [0135.997] GetKeyState (nVirtKey=17) returned 0 [0135.997] GetKeyState (nVirtKey=18) returned 0 [0135.997] GetAsyncKeyState (vKey=3) returned 0 [0135.997] GetLastError () returned 0x0 [0135.997] GetKeyState (nVirtKey=16) returned 0 [0135.997] GetKeyState (nVirtKey=17) returned 0 [0135.997] GetKeyState (nVirtKey=18) returned 0 [0135.997] GetAsyncKeyState (vKey=4) returned 0 [0135.997] GetLastError () returned 0x0 [0135.997] GetKeyState (nVirtKey=16) returned 0 [0135.997] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=5) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=6) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=7) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=8) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=9) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=10) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=11) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.998] GetAsyncKeyState (vKey=12) returned 0 [0135.998] GetLastError () returned 0x0 [0135.998] GetKeyState (nVirtKey=16) returned 0 [0135.998] GetKeyState (nVirtKey=17) returned 0 [0135.998] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=13) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=14) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=15) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=16) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=17) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=18) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=19) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0135.999] GetKeyState (nVirtKey=18) returned 0 [0135.999] GetAsyncKeyState (vKey=20) returned 0 [0135.999] GetLastError () returned 0x0 [0135.999] GetKeyState (nVirtKey=16) returned 0 [0135.999] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=21) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=22) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=23) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=24) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=25) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=26) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=27) returned 0 [0136.000] GetLastError () returned 0x0 [0136.000] GetKeyState (nVirtKey=16) returned 0 [0136.000] GetKeyState (nVirtKey=17) returned 0 [0136.000] GetKeyState (nVirtKey=18) returned 0 [0136.000] GetAsyncKeyState (vKey=28) returned 0 [0136.000] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=29) returned 0 [0136.001] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=30) returned 0 [0136.001] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=31) returned 0 [0136.001] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=32) returned 0 [0136.001] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=33) returned 0 [0136.001] GetLastError () returned 0x0 [0136.001] GetKeyState (nVirtKey=16) returned 0 [0136.001] GetKeyState (nVirtKey=17) returned 0 [0136.001] GetKeyState (nVirtKey=18) returned 0 [0136.001] GetAsyncKeyState (vKey=34) returned 0 [0136.001] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=35) returned 0 [0136.002] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=36) returned 0 [0136.002] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=37) returned 0 [0136.002] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=38) returned 0 [0136.002] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=39) returned 0 [0136.002] GetLastError () returned 0x0 [0136.002] GetKeyState (nVirtKey=16) returned 0 [0136.002] GetKeyState (nVirtKey=17) returned 0 [0136.002] GetKeyState (nVirtKey=18) returned 0 [0136.002] GetAsyncKeyState (vKey=40) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=41) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=42) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=43) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=44) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=45) returned 0 [0136.003] GetLastError () returned 0x0 [0136.003] GetKeyState (nVirtKey=16) returned 0 [0136.003] GetKeyState (nVirtKey=17) returned 0 [0136.003] GetKeyState (nVirtKey=18) returned 0 [0136.003] GetAsyncKeyState (vKey=46) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.004] GetAsyncKeyState (vKey=47) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.004] GetAsyncKeyState (vKey=48) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.004] GetAsyncKeyState (vKey=49) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.004] GetAsyncKeyState (vKey=50) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.004] GetAsyncKeyState (vKey=51) returned 0 [0136.004] GetLastError () returned 0x0 [0136.004] GetKeyState (nVirtKey=16) returned 0 [0136.004] GetKeyState (nVirtKey=17) returned 0 [0136.004] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=52) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=53) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=54) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=55) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=56) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.005] GetAsyncKeyState (vKey=57) returned 0 [0136.005] GetLastError () returned 0x0 [0136.005] GetKeyState (nVirtKey=16) returned 0 [0136.005] GetKeyState (nVirtKey=17) returned 0 [0136.005] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=58) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.006] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=59) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.006] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=60) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.006] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=61) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.006] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=62) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.006] GetKeyState (nVirtKey=18) returned 0 [0136.006] GetAsyncKeyState (vKey=63) returned 0 [0136.006] GetLastError () returned 0x0 [0136.006] GetKeyState (nVirtKey=16) returned 0 [0136.006] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=64) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.007] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=65) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.007] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=66) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.007] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=67) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.007] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=68) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.007] GetKeyState (nVirtKey=17) returned 0 [0136.007] GetKeyState (nVirtKey=18) returned 0 [0136.007] GetAsyncKeyState (vKey=69) returned 0 [0136.007] GetLastError () returned 0x0 [0136.007] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=70) returned 0 [0136.008] GetLastError () returned 0x0 [0136.008] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=71) returned 0 [0136.008] GetLastError () returned 0x0 [0136.008] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=72) returned 0 [0136.008] GetLastError () returned 0x0 [0136.008] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=73) returned 0 [0136.008] GetLastError () returned 0x0 [0136.008] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=74) returned 0 [0136.008] GetLastError () returned 0x0 [0136.008] GetKeyState (nVirtKey=16) returned 0 [0136.008] GetKeyState (nVirtKey=17) returned 0 [0136.008] GetKeyState (nVirtKey=18) returned 0 [0136.008] GetAsyncKeyState (vKey=75) returned 0 [0136.008] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=76) returned 0 [0136.009] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=77) returned 0 [0136.009] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=78) returned 0 [0136.009] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=79) returned 0 [0136.009] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=80) returned 0 [0136.009] GetLastError () returned 0x0 [0136.009] GetKeyState (nVirtKey=16) returned 0 [0136.009] GetKeyState (nVirtKey=17) returned 0 [0136.009] GetKeyState (nVirtKey=18) returned 0 [0136.009] GetAsyncKeyState (vKey=81) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetKeyState (nVirtKey=16) returned 0 [0136.010] GetKeyState (nVirtKey=17) returned 0 [0136.010] GetKeyState (nVirtKey=18) returned 0 [0136.010] GetAsyncKeyState (vKey=82) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetKeyState (nVirtKey=16) returned 0 [0136.010] GetKeyState (nVirtKey=17) returned 0 [0136.010] GetKeyState (nVirtKey=18) returned 0 [0136.010] GetAsyncKeyState (vKey=83) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetKeyState (nVirtKey=16) returned 0 [0136.010] GetAsyncKeyState (vKey=84) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetAsyncKeyState (vKey=85) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetAsyncKeyState (vKey=86) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetAsyncKeyState (vKey=87) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetAsyncKeyState (vKey=88) returned 0 [0136.010] GetLastError () returned 0x0 [0136.010] GetAsyncKeyState (vKey=89) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=90) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=91) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=92) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=93) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=94) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=95) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=96) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=97) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=98) returned 0 [0136.011] GetLastError () returned 0x0 [0136.011] GetAsyncKeyState (vKey=99) returned 0 [0136.012] GetLastError () returned 0x0 [0136.012] GetAsyncKeyState (vKey=100) returned 0 [0136.091] GetLastError () returned 0x0 [0136.091] GetAsyncKeyState (vKey=101) returned 0 [0136.091] GetLastError () returned 0x0 [0136.091] GetAsyncKeyState (vKey=102) returned 0 [0136.091] GetLastError () returned 0x0 [0136.091] GetAsyncKeyState (vKey=103) returned 0 [0136.091] GetLastError () returned 0x0 [0136.091] GetAsyncKeyState (vKey=104) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=105) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=106) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=107) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=108) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=109) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=110) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=111) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=112) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=113) returned 0 [0136.092] GetLastError () returned 0x0 [0136.092] GetAsyncKeyState (vKey=114) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=115) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=116) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=117) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=118) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=119) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=120) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=121) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=122) returned 0 [0136.093] GetLastError () returned 0x0 [0136.093] GetAsyncKeyState (vKey=123) returned 0 [0136.093] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=124) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=125) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=126) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=127) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=128) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=129) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=130) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=131) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=132) returned 0 [0136.094] GetLastError () returned 0x0 [0136.094] GetAsyncKeyState (vKey=133) returned 0 [0136.094] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=134) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=135) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=136) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=137) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=138) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=139) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=140) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=141) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=142) returned 0 [0136.095] GetLastError () returned 0x0 [0136.095] GetAsyncKeyState (vKey=143) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=144) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=145) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=146) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=147) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=148) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=149) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=150) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=151) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=152) returned 0 [0136.096] GetLastError () returned 0x0 [0136.096] GetAsyncKeyState (vKey=153) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=154) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=155) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=156) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=157) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=158) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=159) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=160) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=161) returned 0 [0136.097] GetLastError () returned 0x0 [0136.097] GetAsyncKeyState (vKey=162) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=163) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=164) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=165) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=166) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=167) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=168) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=169) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=170) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=171) returned 0 [0136.098] GetLastError () returned 0x0 [0136.098] GetAsyncKeyState (vKey=172) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=173) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=174) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=175) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=176) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=177) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=178) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=179) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=180) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=181) returned 0 [0136.099] GetLastError () returned 0x0 [0136.099] GetAsyncKeyState (vKey=182) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=183) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=184) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=185) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=186) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=187) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=188) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=189) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=190) returned 0 [0136.100] GetLastError () returned 0x0 [0136.100] GetAsyncKeyState (vKey=191) returned 0 [0136.100] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=192) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=193) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=194) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=195) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=196) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=197) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=198) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=199) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=200) returned 0 [0136.101] GetLastError () returned 0x0 [0136.101] GetAsyncKeyState (vKey=201) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=202) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=203) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=204) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=205) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=206) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=207) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=208) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=209) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=210) returned 0 [0136.102] GetLastError () returned 0x0 [0136.102] GetAsyncKeyState (vKey=211) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=212) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=213) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=214) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=215) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=216) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=217) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=218) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=219) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=220) returned 0 [0136.103] GetLastError () returned 0x0 [0136.103] GetAsyncKeyState (vKey=221) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=222) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=223) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=224) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=225) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=226) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=227) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=228) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=229) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=230) returned 0 [0136.104] GetLastError () returned 0x0 [0136.104] GetAsyncKeyState (vKey=231) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=232) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=233) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=234) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=235) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=236) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=237) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=238) returned 0 [0136.105] GetLastError () returned 0x0 [0136.105] GetAsyncKeyState (vKey=239) returned 0 [0136.105] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=240) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=241) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=242) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=243) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=244) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=245) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=246) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=247) returned 0 [0136.106] GetLastError () returned 0x0 [0136.106] GetAsyncKeyState (vKey=248) returned 0 [0136.106] GetLastError () returned 0x0 [0136.107] GetAsyncKeyState (vKey=249) returned 0 [0136.107] GetLastError () returned 0x0 [0145.199] GetKeyState (nVirtKey=16) returned 0 [0145.199] GetKeyState (nVirtKey=17) returned 0 [0145.199] GetKeyState (nVirtKey=18) returned 1 [0145.199] GetAsyncKeyState (vKey=1) returned 0 [0145.199] GetLastError () returned 0x0 [0145.199] GetKeyState (nVirtKey=16) returned 0 [0145.199] GetKeyState (nVirtKey=17) returned 0 [0145.199] GetKeyState (nVirtKey=18) returned 1 [0145.199] GetAsyncKeyState (vKey=2) returned 0 [0145.199] GetLastError () returned 0x0 [0145.199] GetKeyState (nVirtKey=16) returned 0 [0145.199] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=3) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=4) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=5) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=6) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=7) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=8) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=9) returned 0 [0145.200] GetLastError () returned 0x0 [0145.200] GetKeyState (nVirtKey=16) returned 0 [0145.200] GetKeyState (nVirtKey=17) returned 0 [0145.200] GetKeyState (nVirtKey=18) returned 1 [0145.200] GetAsyncKeyState (vKey=10) returned 0 [0145.200] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=11) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=12) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=13) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=14) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=15) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=16) returned 0 [0145.201] GetLastError () returned 0x0 [0145.201] GetKeyState (nVirtKey=16) returned 0 [0145.201] GetKeyState (nVirtKey=17) returned 0 [0145.201] GetKeyState (nVirtKey=18) returned 1 [0145.201] GetAsyncKeyState (vKey=17) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=18) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=19) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=20) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=21) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=22) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=23) returned 0 [0145.202] GetLastError () returned 0x0 [0145.202] GetKeyState (nVirtKey=16) returned 0 [0145.202] GetKeyState (nVirtKey=17) returned 0 [0145.202] GetKeyState (nVirtKey=18) returned 1 [0145.202] GetAsyncKeyState (vKey=24) returned 0 [0145.203] GetLastError () returned 0x0 [0145.203] GetKeyState (nVirtKey=16) returned 0 [0145.203] GetKeyState (nVirtKey=17) returned 0 [0145.203] GetKeyState (nVirtKey=18) returned 1 [0145.203] GetAsyncKeyState (vKey=25) returned 0 [0145.203] GetLastError () returned 0x0 [0145.203] GetKeyState (nVirtKey=16) returned 0 [0145.203] GetKeyState (nVirtKey=17) returned 0 [0145.203] GetKeyState (nVirtKey=18) returned 1 [0145.203] GetAsyncKeyState (vKey=26) returned 0 [0145.203] GetLastError () returned 0x0 [0145.203] GetKeyState (nVirtKey=16) returned 0 [0145.203] GetKeyState (nVirtKey=17) returned 0 [0145.203] GetKeyState (nVirtKey=18) returned 1 [0145.203] GetAsyncKeyState (vKey=27) returned 0 [0145.203] GetLastError () returned 0x0 [0145.203] GetKeyState (nVirtKey=16) returned 0 [0145.203] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=28) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=29) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=30) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=31) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=32) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=33) returned 0 [0145.204] GetLastError () returned 0x0 [0145.204] GetKeyState (nVirtKey=16) returned 0 [0145.204] GetKeyState (nVirtKey=17) returned 0 [0145.204] GetKeyState (nVirtKey=18) returned 1 [0145.204] GetAsyncKeyState (vKey=34) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.205] GetAsyncKeyState (vKey=35) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.205] GetAsyncKeyState (vKey=36) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.205] GetAsyncKeyState (vKey=37) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.205] GetAsyncKeyState (vKey=38) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.205] GetAsyncKeyState (vKey=39) returned 0 [0145.205] GetLastError () returned 0x0 [0145.205] GetKeyState (nVirtKey=16) returned 0 [0145.205] GetKeyState (nVirtKey=17) returned 0 [0145.205] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=40) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=41) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=42) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=43) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=44) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.206] GetAsyncKeyState (vKey=45) returned 0 [0145.206] GetLastError () returned 0x0 [0145.206] GetKeyState (nVirtKey=16) returned 0 [0145.206] GetKeyState (nVirtKey=17) returned 0 [0145.206] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=46) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=47) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=48) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=49) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=50) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.207] GetAsyncKeyState (vKey=51) returned 0 [0145.207] GetLastError () returned 0x0 [0145.207] GetKeyState (nVirtKey=16) returned 0 [0145.207] GetKeyState (nVirtKey=17) returned 0 [0145.207] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=52) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=53) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=54) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=55) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=56) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.208] GetAsyncKeyState (vKey=57) returned 0 [0145.208] GetLastError () returned 0x0 [0145.208] GetKeyState (nVirtKey=16) returned 0 [0145.208] GetKeyState (nVirtKey=17) returned 0 [0145.208] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=58) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=59) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=60) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=61) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=62) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=63) returned 0 [0145.209] GetLastError () returned 0x0 [0145.209] GetKeyState (nVirtKey=16) returned 0 [0145.209] GetKeyState (nVirtKey=17) returned 0 [0145.209] GetKeyState (nVirtKey=18) returned 1 [0145.209] GetAsyncKeyState (vKey=64) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=65) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=66) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=67) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=68) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=69) returned 0 [0145.210] GetLastError () returned 0x0 [0145.210] GetKeyState (nVirtKey=16) returned 0 [0145.210] GetKeyState (nVirtKey=17) returned 0 [0145.210] GetKeyState (nVirtKey=18) returned 1 [0145.210] GetAsyncKeyState (vKey=70) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=71) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=72) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=73) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=74) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=75) returned 0 [0145.211] GetLastError () returned 0x0 [0145.211] GetKeyState (nVirtKey=16) returned 0 [0145.211] GetKeyState (nVirtKey=17) returned 0 [0145.211] GetKeyState (nVirtKey=18) returned 1 [0145.211] GetAsyncKeyState (vKey=76) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=77) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=78) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=79) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=80) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=81) returned 0 [0145.212] GetLastError () returned 0x0 [0145.212] GetKeyState (nVirtKey=16) returned 0 [0145.212] GetKeyState (nVirtKey=17) returned 0 [0145.212] GetKeyState (nVirtKey=18) returned 1 [0145.212] GetAsyncKeyState (vKey=82) returned 0 [0145.213] GetLastError () returned 0x0 [0145.213] GetKeyState (nVirtKey=16) returned 0 [0145.213] GetKeyState (nVirtKey=17) returned 0 [0145.213] GetKeyState (nVirtKey=18) returned 1 [0145.213] GetAsyncKeyState (vKey=83) returned 0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.213] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.214] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.215] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.216] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.217] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.218] GetLastError () returned 0x0 [0145.219] GetLastError () returned 0x0 [0145.219] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.262] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.263] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.264] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.265] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.266] GetLastError () returned 0x0 [0145.267] GetLastError () returned 0x0 [0145.267] GetLastError () returned 0x0 [0145.267] GetLastError () returned 0x0 [0145.299] GetAsyncKeyState (vKey=0) returned 0 [0145.343] GetAsyncKeyState (vKey=0) returned 0 [0145.523] GetAsyncKeyState (vKey=0) returned 0 [0145.572] GetAsyncKeyState (vKey=0) returned 0 [0145.630] GetAsyncKeyState (vKey=0) returned 0 [0145.720] GetAsyncKeyState (vKey=0) returned 0 Process: id = "3" image_name = "netsh.exe" filename = "c:\\windows\\syswow64\\netsh.exe" page_root = "0x507d5000" os_pid = "0x125c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x11b8" cmd_line = "netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 520 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 521 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 522 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 523 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 524 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 525 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 526 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 527 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 528 start_va = 0x910000 end_va = 0x911fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 529 start_va = 0x1530000 end_va = 0x154dfff monitored = 1 entry_point = 0x1539980 region_type = mapped_file name = "netsh.exe" filename = "\\Windows\\SysWOW64\\netsh.exe" (normalized: "c:\\windows\\syswow64\\netsh.exe") Region: id = 530 start_va = 0x1550000 end_va = 0x554ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001550000" filename = "" Region: id = 531 start_va = 0x77220000 end_va = 0x7739afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 532 start_va = 0x7edc0000 end_va = 0x7ede2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007edc0000" filename = "" Region: id = 533 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 534 start_va = 0x7fff0000 end_va = 0x7dfff079ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 535 start_va = 0x7dfff07a0000 end_va = 0x7ffff079ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfff07a0000" filename = "" Region: id = 536 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 537 start_va = 0x7ffff0961000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffff0961000" filename = "" Region: id = 538 start_va = 0x400000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 539 start_va = 0x656f0000 end_va = 0x6573ffff monitored = 0 entry_point = 0x65708180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 540 start_va = 0x65670000 end_va = 0x656e9fff monitored = 0 entry_point = 0x65683290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 541 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 542 start_va = 0x65740000 end_va = 0x65747fff monitored = 0 entry_point = 0x657417c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 543 start_va = 0x920000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 544 start_va = 0x770a0000 end_va = 0x7717ffff monitored = 0 entry_point = 0x770b3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 545 start_va = 0x74920000 end_va = 0x74a9dfff monitored = 0 entry_point = 0x749d1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 546 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 547 start_va = 0x7ecc0000 end_va = 0x7edbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ecc0000" filename = "" Region: id = 625 start_va = 0x460000 end_va = 0x51dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 626 start_va = 0x75640000 end_va = 0x756fdfff monitored = 0 entry_point = 0x75675630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 627 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 628 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 629 start_va = 0x910000 end_va = 0x913fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 630 start_va = 0x74820000 end_va = 0x748b1fff monitored = 0 entry_point = 0x74858cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 631 start_va = 0x75420000 end_va = 0x755dcfff monitored = 0 entry_point = 0x75502a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 632 start_va = 0x75ad0000 end_va = 0x75b7cfff monitored = 0 entry_point = 0x75ae4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 633 start_va = 0x73f50000 end_va = 0x73f6dfff monitored = 0 entry_point = 0x73f5b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 634 start_va = 0x73f40000 end_va = 0x73f49fff monitored = 0 entry_point = 0x73f42a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 635 start_va = 0x755e0000 end_va = 0x75637fff monitored = 0 entry_point = 0x756225c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 636 start_va = 0x75900000 end_va = 0x75943fff monitored = 0 entry_point = 0x75919d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 637 start_va = 0x920000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 638 start_va = 0xad0000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 639 start_va = 0x920000 end_va = 0xa09fff monitored = 0 entry_point = 0x95d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 640 start_va = 0xaa0000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 641 start_va = 0x75410000 end_va = 0x7541bfff monitored = 0 entry_point = 0x75413930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 642 start_va = 0x6eb30000 end_va = 0x6eb3afff monitored = 0 entry_point = 0x6eb34150 region_type = mapped_file name = "ifmon.dll" filename = "\\Windows\\SysWOW64\\ifmon.dll" (normalized: "c:\\windows\\syswow64\\ifmon.dll") Region: id = 643 start_va = 0x74db0000 end_va = 0x74e0efff monitored = 0 entry_point = 0x74db4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 644 start_va = 0x758c0000 end_va = 0x758f6fff monitored = 0 entry_point = 0x758c3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 645 start_va = 0x71540000 end_va = 0x7156efff monitored = 0 entry_point = 0x7154bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 646 start_va = 0x6eae0000 end_va = 0x6eb2ffff monitored = 0 entry_point = 0x6eb213b0 region_type = mapped_file name = "rasmontr.dll" filename = "\\Windows\\SysWOW64\\rasmontr.dll" (normalized: "c:\\windows\\syswow64\\rasmontr.dll") Region: id = 647 start_va = 0x75a50000 end_va = 0x75acafff monitored = 0 entry_point = 0x75a6e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 648 start_va = 0x74c10000 end_va = 0x74d56fff monitored = 0 entry_point = 0x74c21cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 649 start_va = 0x74250000 end_va = 0x7439efff monitored = 0 entry_point = 0x74306820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 650 start_va = 0x6ea60000 end_va = 0x6ead5fff monitored = 0 entry_point = 0x6eac36a0 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\SysWOW64\\mprapi.dll" (normalized: "c:\\windows\\syswow64\\mprapi.dll") Region: id = 651 start_va = 0x6e9b0000 end_va = 0x6ea54fff monitored = 0 entry_point = 0x6e9cac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 652 start_va = 0x6e840000 end_va = 0x6e886fff monitored = 0 entry_point = 0x6e8558d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 653 start_va = 0x6dad0000 end_va = 0x6dc01fff monitored = 1 entry_point = 0x6db0c0e0 region_type = mapped_file name = "mfc42u.dll" filename = "\\Windows\\SysWOW64\\mfc42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll") Region: id = 654 start_va = 0x75950000 end_va = 0x75a3afff monitored = 0 entry_point = 0x7598d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 655 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 656 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 657 start_va = 0x620000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 658 start_va = 0x6e980000 end_va = 0x6e9a2fff monitored = 0 entry_point = 0x6e985570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 659 start_va = 0x71590000 end_va = 0x715aafff monitored = 0 entry_point = 0x71599050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 660 start_va = 0x6e8e0000 end_va = 0x6e978fff monitored = 0 entry_point = 0x6e918470 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 661 start_va = 0x6e740000 end_va = 0x6e747fff monitored = 0 entry_point = 0x6e741d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 662 start_va = 0x720000 end_va = 0x8a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 663 start_va = 0x920000 end_va = 0x949fff monitored = 0 entry_point = 0x925680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 664 start_va = 0x757e0000 end_va = 0x7580afff monitored = 0 entry_point = 0x757e5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 665 start_va = 0xbd0000 end_va = 0xd50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 666 start_va = 0x5550000 end_va = 0x694ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005550000" filename = "" Region: id = 667 start_va = 0x920000 end_va = 0x924fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netsh.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\netsh.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\netsh.exe.mui") Region: id = 668 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 669 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 670 start_va = 0x930000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 671 start_va = 0x9b0000 end_va = 0x9b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mfc42u.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MFC42u.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mfc42u.dll.mui") Region: id = 672 start_va = 0x6da70000 end_va = 0x6dacbfff monitored = 0 entry_point = 0x6dab86c0 region_type = mapped_file name = "authfwcfg.dll" filename = "\\Windows\\SysWOW64\\authfwcfg.dll" (normalized: "c:\\windows\\syswow64\\authfwcfg.dll") Region: id = 673 start_va = 0x748c0000 end_va = 0x7491dfff monitored = 0 entry_point = 0x748d7470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 674 start_va = 0x6e8b0000 end_va = 0x6e8dcfff monitored = 0 entry_point = 0x6e8bc010 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\SysWOW64\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\syswow64\\fwpolicyiomgr.dll") Region: id = 675 start_va = 0x72ce0000 end_va = 0x72d0bfff monitored = 0 entry_point = 0x72cf5ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 676 start_va = 0x6e8a0000 end_va = 0x6e8a6fff monitored = 0 entry_point = 0x6e8a2060 region_type = mapped_file name = "dhcpcmonitor.dll" filename = "\\Windows\\SysWOW64\\dhcpcmonitor.dll" (normalized: "c:\\windows\\syswow64\\dhcpcmonitor.dll") Region: id = 677 start_va = 0x6da50000 end_va = 0x6da63fff monitored = 0 entry_point = 0x6da53c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 678 start_va = 0x747b0000 end_va = 0x747b6fff monitored = 0 entry_point = 0x747b1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 679 start_va = 0x6da30000 end_va = 0x6da42fff monitored = 0 entry_point = 0x6da325d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 680 start_va = 0x6da10000 end_va = 0x6da21fff monitored = 0 entry_point = 0x6da1c8d0 region_type = mapped_file name = "dot3cfg.dll" filename = "\\Windows\\SysWOW64\\dot3cfg.dll" (normalized: "c:\\windows\\syswow64\\dot3cfg.dll") Region: id = 681 start_va = 0x6d9f0000 end_va = 0x6da08fff monitored = 0 entry_point = 0x6da00530 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\SysWOW64\\dot3api.dll" (normalized: "c:\\windows\\syswow64\\dot3api.dll") Region: id = 682 start_va = 0x6d9b0000 end_va = 0x6d9e9fff monitored = 0 entry_point = 0x6d9d8740 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\SysWOW64\\onex.dll" (normalized: "c:\\windows\\syswow64\\onex.dll") Region: id = 683 start_va = 0x6d990000 end_va = 0x6d9a7fff monitored = 0 entry_point = 0x6d994820 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 684 start_va = 0x6d920000 end_va = 0x6d930fff monitored = 0 entry_point = 0x6d92a1f0 region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\SysWOW64\\eappprxy.dll" (normalized: "c:\\windows\\syswow64\\eappprxy.dll") Region: id = 685 start_va = 0x6d940000 end_va = 0x6d989fff monitored = 0 entry_point = 0x6d94a280 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\SysWOW64\\eappcfg.dll" (normalized: "c:\\windows\\syswow64\\eappcfg.dll") Region: id = 686 start_va = 0x9c0000 end_va = 0x9c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 687 start_va = 0x6d910000 end_va = 0x6d91efff monitored = 0 entry_point = 0x6d9192a0 region_type = mapped_file name = "fwcfg.dll" filename = "\\Windows\\SysWOW64\\fwcfg.dll" (normalized: "c:\\windows\\syswow64\\fwcfg.dll") Region: id = 688 start_va = 0x6d900000 end_va = 0x6d907fff monitored = 0 entry_point = 0x6d9028a0 region_type = mapped_file name = "hnetmon.dll" filename = "\\Windows\\SysWOW64\\hnetmon.dll" (normalized: "c:\\windows\\syswow64\\hnetmon.dll") Region: id = 689 start_va = 0x6d660000 end_va = 0x6d8f1fff monitored = 0 entry_point = 0x6d66e710 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\SysWOW64\\netshell.dll" (normalized: "c:\\windows\\syswow64\\netshell.dll") Region: id = 690 start_va = 0x74e30000 end_va = 0x74e74fff monitored = 0 entry_point = 0x74e4de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 691 start_va = 0x75ca0000 end_va = 0x7709efff monitored = 0 entry_point = 0x75e5b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 692 start_va = 0x74f10000 end_va = 0x75408fff monitored = 0 entry_point = 0x75117610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 693 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 694 start_va = 0x74d60000 end_va = 0x74da3fff monitored = 0 entry_point = 0x74d67410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 695 start_va = 0x74f00000 end_va = 0x74f0efff monitored = 0 entry_point = 0x74f02e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 696 start_va = 0x6d640000 end_va = 0x6d653fff monitored = 0 entry_point = 0x6d645a40 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 697 start_va = 0x6d610000 end_va = 0x6d63efff monitored = 0 entry_point = 0x6d633330 region_type = mapped_file name = "netiohlp.dll" filename = "\\Windows\\SysWOW64\\netiohlp.dll" (normalized: "c:\\windows\\syswow64\\netiohlp.dll") Region: id = 698 start_va = 0x70a80000 end_va = 0x70b03fff monitored = 0 entry_point = 0x70aa6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 699 start_va = 0x71440000 end_va = 0x71447fff monitored = 0 entry_point = 0x71441fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 700 start_va = 0x6d600000 end_va = 0x6d60afff monitored = 0 entry_point = 0x6d606010 region_type = mapped_file name = "nshhttp.dll" filename = "\\Windows\\SysWOW64\\nshhttp.dll" (normalized: "c:\\windows\\syswow64\\nshhttp.dll") Region: id = 701 start_va = 0x6d5f0000 end_va = 0x6d5fafff monitored = 0 entry_point = 0x6d5f1b60 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\SysWOW64\\httpapi.dll" (normalized: "c:\\windows\\syswow64\\httpapi.dll") Region: id = 702 start_va = 0x6d580000 end_va = 0x6d5e2fff monitored = 0 entry_point = 0x6d5d6c70 region_type = mapped_file name = "nshipsec.dll" filename = "\\Windows\\SysWOW64\\nshipsec.dll" (normalized: "c:\\windows\\syswow64\\nshipsec.dll") Region: id = 703 start_va = 0x740d0000 end_va = 0x74247fff monitored = 0 entry_point = 0x74128a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 704 start_va = 0x75810000 end_va = 0x7581dfff monitored = 0 entry_point = 0x75815410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 705 start_va = 0x73f70000 end_va = 0x73fc2fff monitored = 0 entry_point = 0x73f90a10 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 706 start_va = 0x6d560000 end_va = 0x6d578fff monitored = 0 entry_point = 0x6d5647e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 707 start_va = 0x6d520000 end_va = 0x6d55afff monitored = 0 entry_point = 0x6d527e00 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\SysWOW64\\activeds.dll" (normalized: "c:\\windows\\syswow64\\activeds.dll") Region: id = 708 start_va = 0x6d4d0000 end_va = 0x6d51afff monitored = 0 entry_point = 0x6d50fa00 region_type = mapped_file name = "polstore.dll" filename = "\\Windows\\SysWOW64\\polstore.dll" (normalized: "c:\\windows\\syswow64\\polstore.dll") Region: id = 709 start_va = 0x8b0000 end_va = 0x8b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 710 start_va = 0x6d4b0000 end_va = 0x6d4c3fff monitored = 0 entry_point = 0x6d4be400 region_type = mapped_file name = "winipsec.dll" filename = "\\Windows\\SysWOW64\\winipsec.dll" (normalized: "c:\\windows\\syswow64\\winipsec.dll") Region: id = 711 start_va = 0x6d470000 end_va = 0x6d4a7fff monitored = 0 entry_point = 0x6d48d280 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\SysWOW64\\adsldpc.dll" (normalized: "c:\\windows\\syswow64\\adsldpc.dll") Region: id = 712 start_va = 0x6d3d0000 end_va = 0x6d460fff monitored = 0 entry_point = 0x6d4420a0 region_type = mapped_file name = "nshwfp.dll" filename = "\\Windows\\SysWOW64\\nshwfp.dll" (normalized: "c:\\windows\\syswow64\\nshwfp.dll") Region: id = 713 start_va = 0x6d3a0000 end_va = 0x6d3c0fff monitored = 0 entry_point = 0x6d3abdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 714 start_va = 0x9d0000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 715 start_va = 0x6d360000 end_va = 0x6d390fff monitored = 0 entry_point = 0x6d387170 region_type = mapped_file name = "p2pnetsh.dll" filename = "\\Windows\\SysWOW64\\p2pnetsh.dll" (normalized: "c:\\windows\\syswow64\\p2pnetsh.dll") Region: id = 716 start_va = 0x6d330000 end_va = 0x6d35ffff monitored = 0 entry_point = 0x6d354320 region_type = mapped_file name = "p2p.dll" filename = "\\Windows\\SysWOW64\\P2P.dll" (normalized: "c:\\windows\\syswow64\\p2p.dll") Region: id = 717 start_va = 0x8c0000 end_va = 0x8c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 718 start_va = 0x6d320000 end_va = 0x6d32afff monitored = 0 entry_point = 0x6d325490 region_type = mapped_file name = "rpcnsh.dll" filename = "\\Windows\\SysWOW64\\rpcnsh.dll" (normalized: "c:\\windows\\syswow64\\rpcnsh.dll") Region: id = 719 start_va = 0x6d310000 end_va = 0x6d316fff monitored = 0 entry_point = 0x6d311e10 region_type = mapped_file name = "whhelper.dll" filename = "\\Windows\\SysWOW64\\whhelper.dll" (normalized: "c:\\windows\\syswow64\\whhelper.dll") Region: id = 720 start_va = 0x714a0000 end_va = 0x7153afff monitored = 0 entry_point = 0x714df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 721 start_va = 0x6d2d0000 end_va = 0x6d30cfff monitored = 0 entry_point = 0x6d3004f0 region_type = mapped_file name = "wlancfg.dll" filename = "\\Windows\\SysWOW64\\wlancfg.dll" (normalized: "c:\\windows\\syswow64\\wlancfg.dll") Region: id = 722 start_va = 0x71250000 end_va = 0x71262fff monitored = 0 entry_point = 0x71259950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 723 start_va = 0x6d280000 end_va = 0x6d2ccfff monitored = 0 entry_point = 0x6d28d930 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\SysWOW64\\wlanapi.dll" (normalized: "c:\\windows\\syswow64\\wlanapi.dll") Region: id = 724 start_va = 0x6d250000 end_va = 0x6d279fff monitored = 0 entry_point = 0x6d26ee70 region_type = mapped_file name = "wifidisplay.dll" filename = "\\Windows\\SysWOW64\\WiFiDisplay.dll" (normalized: "c:\\windows\\syswow64\\wifidisplay.dll") Region: id = 725 start_va = 0x6d220000 end_va = 0x6d241fff monitored = 0 entry_point = 0x6d2291f0 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 726 start_va = 0x6d210000 end_va = 0x6d217fff monitored = 0 entry_point = 0x6d212d80 region_type = mapped_file name = "wshelper.dll" filename = "\\Windows\\SysWOW64\\wshelper.dll" (normalized: "c:\\windows\\syswow64\\wshelper.dll") Region: id = 727 start_va = 0x71450000 end_va = 0x7149efff monitored = 0 entry_point = 0x7145d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 728 start_va = 0x6d1c0000 end_va = 0x6d20cfff monitored = 0 entry_point = 0x6d1d6930 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\SysWOW64\\wevtapi.dll" (normalized: "c:\\windows\\syswow64\\wevtapi.dll") Region: id = 729 start_va = 0x6d160000 end_va = 0x6d1bafff monitored = 0 entry_point = 0x6d1adbe0 region_type = mapped_file name = "peerdistsh.dll" filename = "\\Windows\\SysWOW64\\PeerDistSh.dll" (normalized: "c:\\windows\\syswow64\\peerdistsh.dll") Region: id = 730 start_va = 0x6d150000 end_va = 0x6d158fff monitored = 0 entry_point = 0x6d151310 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll") Region: id = 731 start_va = 0x73e20000 end_va = 0x73e94fff monitored = 0 entry_point = 0x73e59a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 732 start_va = 0xd60000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 733 start_va = 0x9d0000 end_va = 0x9e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwcfg.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\fwcfg.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\fwcfg.dll.mui") Region: id = 734 start_va = 0xa50000 end_va = 0xa5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 735 start_va = 0x9f0000 end_va = 0x9f9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "p2pnetsh.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\p2pnetsh.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\p2pnetsh.dll.mui") Region: id = 736 start_va = 0x6d130000 end_va = 0x6d14afff monitored = 0 entry_point = 0x6d135020 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\SysWOW64\\wcmapi.dll" (normalized: "c:\\windows\\syswow64\\wcmapi.dll") Region: id = 737 start_va = 0x6d110000 end_va = 0x6d12efff monitored = 0 entry_point = 0x6d11c120 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\SysWOW64\\rmclient.dll" (normalized: "c:\\windows\\syswow64\\rmclient.dll") Region: id = 738 start_va = 0x8d0000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 739 start_va = 0xd60000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 740 start_va = 0xf50000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 741 start_va = 0x6d0f0000 end_va = 0x6d10efff monitored = 0 entry_point = 0x6d0f8a90 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 742 start_va = 0xf60000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 743 start_va = 0x1060000 end_va = 0x1396fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 744 start_va = 0xa00000 end_va = 0xa00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 745 start_va = 0x75700000 end_va = 0x75783fff monitored = 0 entry_point = 0x75726220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 746 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 747 start_va = 0xa60000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 749 start_va = 0xa60000 end_va = 0xa91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 756 start_va = 0xa60000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 763 start_va = 0xa60000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 766 start_va = 0xa20000 end_va = 0xa45fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 784 start_va = 0xa60000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 785 start_va = 0x13a0000 end_va = 0x149ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Thread: id = 15 os_tid = 0x1258 [0121.123] GetModuleHandleA (lpModuleName=0x0) returned 0x1530000 [0121.123] __set_app_type (_Type=0x1) [0121.123] __p__fmode () returned 0x756f4d6c [0121.123] __p__commode () returned 0x756f5b1c [0121.123] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1539bb0) returned 0x0 [0121.124] __wgetmainargs (in: _Argc=0x15433e8, _Argv=0x15433ec, _Env=0x15433f0, _DoWildCard=0, _StartInfo=0x15433fc | out: _Argc=0x15433e8, _Argv=0x15433ec, _Env=0x15433f0) returned 0 [0121.125] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0121.125] GetModuleHandleW (lpModuleName=0x0) returned 0x1530000 [0121.126] _vsnwprintf (in: _Buffer=0x1544ae0, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x187730 | out: _Buffer="netsh>") returned 6 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad0598 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6ed0 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad7530 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad7168 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad7178 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f30 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f40 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f50 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f60 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f70 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f80 [0121.126] GetProcessHeap () returned 0xad0000 [0121.126] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6f90 [0121.126] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6900 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6910 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad6920 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e60 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e30 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ec0 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f80 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e10 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f10 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ed0 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e50 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ee0 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e40 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ef0 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e70 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e80 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f20 [0121.127] GetProcessHeap () returned 0xad0000 [0121.127] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f60 [0121.127] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8df0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f30 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8de0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f40 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8eb0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f00 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f50 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e90 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f90 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e00 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ea0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8f70 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8dc0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8dd0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8e20 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92e0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91e0 [0121.128] GetProcessHeap () returned 0xad0000 [0121.128] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9240 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9280 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9330 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9340 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9380 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9350 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92c0 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91f0 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9360 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9370 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9200 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9270 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9300 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92b0 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9230 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9290 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92a0 [0121.129] GetProcessHeap () returned 0xad0000 [0121.129] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9210 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9310 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9220 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92d0 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad92f0 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9250 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9320 [0121.130] GetProcessHeap () returned 0xad0000 [0121.130] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9390 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9260 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91d0 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9010 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90b0 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9000 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9190 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9110 [0121.132] GetProcessHeap () returned 0xad0000 [0121.132] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90c0 [0121.132] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9120 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8fe0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9020 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91b0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9160 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9130 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9030 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91c0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9140 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9040 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad91a0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9060 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8fd0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90e0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad8ff0 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9050 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9090 [0121.133] GetProcessHeap () returned 0xad0000 [0121.133] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9170 [0121.133] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90f0 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9150 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9100 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9070 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9080 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9180 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90a0 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad90d0 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9468 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95b8 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94e8 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9508 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9568 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94c8 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9498 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9408 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9478 [0121.134] GetProcessHeap () returned 0xad0000 [0121.134] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9578 [0121.134] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9488 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9598 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad93d8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9528 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94a8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95c8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9458 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94d8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9518 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9538 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9438 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94f8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad94b8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9548 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95a8 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9558 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9588 [0121.135] GetProcessHeap () returned 0xad0000 [0121.135] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad93e8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad93f8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9428 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9418 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9448 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96b8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9788 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9758 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9768 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9628 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96f8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9798 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9668 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9778 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9648 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95d8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96d8 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9678 [0121.136] GetProcessHeap () returned 0xad0000 [0121.136] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9738 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9698 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9748 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9688 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95e8 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9708 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad95f8 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9608 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9618 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9638 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9658 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96a8 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96c8 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad96e8 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9718 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9728 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a50 [0121.137] GetProcessHeap () returned 0xad0000 [0121.137] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b50 [0121.137] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b90 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a90 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9aa0 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9af0 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b80 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9ab0 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b40 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a40 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b20 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a10 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b10 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9ac0 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a60 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a70 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b70 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a20 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b60 [0121.138] GetProcessHeap () returned 0xad0000 [0121.138] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a80 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9ae0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b00 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9ba0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9ad0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9b30 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad99e0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad99f0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a00 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9a30 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98d0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad97e0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9830 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9950 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9920 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9820 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98e0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.139] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98c0 [0121.139] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9850 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98f0 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9810 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad99a0 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98b0 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad98a0 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xad9900 [0121.140] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0121.140] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x14) returned 0xad6930 [0121.140] memcpy (in: _Dst=0xad6930, _Src=0x0, _Size=0x0 | out: _Dst=0xad6930) returned 0xad6930 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x2) returned 0xad9800 [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x14) returned 0xad6950 [0121.140] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0121.140] GetProcessHeap () returned 0xad0000 [0121.140] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0121.141] GetProcessHeap () returned 0xad0000 [0121.141] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xad6698 [0121.141] memcpy (in: _Dst=0xad6698, _Src=0x0, _Size=0x0 | out: _Dst=0xad6698) returned 0xad6698 [0121.141] GetProcessHeap () returned 0xad0000 [0121.141] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0121.141] GetProcessHeap () returned 0xad0000 [0121.141] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xad6838 [0121.141] memcpy (in: _Dst=0xad6838, _Src=0xad6698, _Size=0x48 | out: _Dst=0xad6838) returned 0xad6838 [0121.141] GetProcessHeap () returned 0xad0000 [0121.141] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6698) returned 1 [0121.141] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x75410000 [0121.147] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x187728 | out: phkResult=0x187728*=0xcc) returned 0x0 [0121.148] RegQueryInfoKeyW (in: hKey=0xcc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x187724, lpcbMaxValueNameLen=0x18771c, lpcbMaxValueLen=0x187720, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x187724*=0x11, lpcbMaxValueNameLen=0x18771c, lpcbMaxValueLen=0x187720, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x8, Size=0x16) returned 0xad66f0 [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x8, Size=0x23) returned 0xad2858 [0121.148] RegEnumValueW (in: hKey=0xcc, dwIndex=0x0, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="2", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0121.148] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0121.148] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x28) returned 0xad2888 [0121.148] memcpy (in: _Dst=0xad2888, _Src=0xad6930, _Size=0x14 | out: _Dst=0xad2888) returned 0xad2888 [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x4) returned 0xad9840 [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x14) returned 0xad6fb8 [0121.148] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0121.148] GetProcessHeap () returned 0xad0000 [0121.148] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6930) returned 1 [0121.148] LoadLibraryExW (lpLibFileName="IFMON.DLL", hFile=0x0, dwFlags=0x0) returned 0x6eb30000 [0121.186] GetProcAddress (hModule=0x6eb30000, lpProcName="InitHelperDll") returned 0x6eb31ab0 [0121.186] InitHelperDll () returned 0x0 [0121.193] RegisterHelper () returned 0x0 [0121.193] GetProcessHeap () returned 0xad0000 [0121.193] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xae1420 [0121.193] memcpy (in: _Dst=0xae1420, _Src=0xad6838, _Size=0x90 | out: _Dst=0xae1420) returned 0xae1420 [0121.193] GetProcessHeap () returned 0xad0000 [0121.193] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6838) returned 1 [0121.193] RegEnumValueW (in: hKey=0xcc, dwIndex=0x1, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="4", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0121.194] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0121.196] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0121.196] GetProcessHeap () returned 0xad0000 [0121.196] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3c) returned 0xad6838 [0121.196] memcpy (in: _Dst=0xad6838, _Src=0xad2888, _Size=0x28 | out: _Dst=0xad6838) returned 0xad6838 [0121.196] GetProcessHeap () returned 0xad0000 [0121.196] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x4) returned 0xad9860 [0121.196] GetProcessHeap () returned 0xad0000 [0121.196] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xae0568 [0121.196] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0121.196] GetProcessHeap () returned 0xad0000 [0121.197] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad2888) returned 1 [0121.197] LoadLibraryExW (lpLibFileName="RASMONTR.DLL", hFile=0x0, dwFlags=0x0) returned 0x6eae0000 [0121.823] LoadLibraryExA (lpLibFileName="MSVCRT.DLL", hFile=0x0, dwFlags=0x800) returned 0x75640000 [0121.823] GetVersion () returned 0x295a000a [0121.823] SetErrorMode (uMode=0x0) returned 0x0 [0121.823] SetErrorMode (uMode=0x8001) returned 0x0 [0121.823] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0xae5b70 [0121.825] LocalFree (hMem=0xae5b70) returned 0x0 [0121.826] GetVersion () returned 0x295a000a [0121.829] GlobalLock (hMem=0x930004) returned 0xae5b70 [0121.829] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0xae5c80 [0121.829] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0xae1e58 [0121.829] LocalAlloc (uFlags=0x0, uBytes=0x8) returned 0xad9990 [0121.830] malloc (_Size=0x80) returned 0xaa3aa0 [0121.830] __dllonexit () returned 0x6db16fa0 [0121.831] __dllonexit () returned 0x6db16f40 [0121.831] __dllonexit () returned 0x6db16f60 [0121.831] __dllonexit () returned 0x6db16f80 [0121.831] __dllonexit () returned 0x6daf1650 [0121.831] __dllonexit () returned 0x6daf1640 [0121.831] __dllonexit () returned 0x6daf1680 [0121.831] __dllonexit () returned 0x6daf16d0 [0121.831] __dllonexit () returned 0x6daf17b0 [0121.831] __dllonexit () returned 0x6daf17d0 [0121.832] __dllonexit () returned 0x6daf1830 [0121.832] __dllonexit () returned 0x6daf18f0 [0121.832] __dllonexit () returned 0x6daf1700 [0121.832] __dllonexit () returned 0x6db17000 [0121.832] __dllonexit () returned 0x6daf1720 [0121.832] __dllonexit () returned 0x6daf18a0 [0121.832] __dllonexit () returned 0x6daf18c0 [0121.832] __dllonexit () returned 0x6daf1910 [0121.832] __dllonexit () returned 0x6daf1950 [0121.832] __dllonexit () returned 0x6daf1940 [0121.833] __dllonexit () returned 0x6daf1970 [0121.833] __dllonexit () returned 0x6daf1990 [0121.833] __dllonexit () returned 0x6daf19c0 [0121.833] __dllonexit () returned 0x6daf1a40 [0121.833] __dllonexit () returned 0x6daf1560 [0121.833] __dllonexit () returned 0x6daf1570 [0121.833] __dllonexit () returned 0x6daf1550 [0121.835] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc1df [0121.835] __dllonexit () returned 0x6db16fe0 [0121.836] __dllonexit () returned 0x6db16fc0 [0121.836] __dllonexit () returned 0x6db16ff0 [0121.836] __dllonexit () returned 0x6db16fd0 [0121.836] GetVersion () returned 0x295a000a [0121.836] GetVersion () returned 0x295a000a [0121.836] GetVersion () returned 0x295a000a [0121.836] __dllonexit () returned 0x6db0a5a0 [0121.836] __dllonexit () returned 0x6db0a5c0 [0121.836] __dllonexit () returned 0x6daf1740 [0121.837] __dllonexit () returned 0x6daf17f0 [0121.837] __dllonexit () returned 0x6daf1800 [0121.837] __dllonexit () returned 0x6db0a3b0 [0121.837] GetVersion () returned 0x295a000a [0121.837] GetProcessVersion (ProcessId=0x0) returned 0xa0000 [0121.837] GetSystemMetrics (nIndex=11) returned 32 [0121.837] GetSystemMetrics (nIndex=12) returned 32 [0121.837] GetSystemMetrics (nIndex=2) returned 17 [0121.837] GetSystemMetrics (nIndex=3) returned 17 [0121.837] GetDC (hWnd=0x0) returned 0x170106c0 [0121.838] GetDeviceCaps (hdc=0x170106c0, index=88) returned 96 [0121.838] GetDeviceCaps (hdc=0x170106c0, index=90) returned 96 [0121.838] ReleaseDC (hWnd=0x0, hDC=0x170106c0) returned 1 [0121.838] GetSysColor (nIndex=15) returned 0xf0f0f0 [0121.838] GetSysColor (nIndex=16) returned 0xa0a0a0 [0121.838] GetSysColor (nIndex=20) returned 0xffffff [0121.838] GetSysColor (nIndex=18) returned 0x0 [0121.838] GetSysColor (nIndex=6) returned 0x646464 [0121.838] GetSysColorBrush (nIndex=15) returned 0x1100074 [0121.838] GetSysColorBrush (nIndex=6) returned 0x110007c [0121.838] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0121.838] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0121.838] __dllonexit () returned 0x6daf1870 [0121.839] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc1db [0121.839] __dllonexit () returned 0x6db0a3a0 [0121.839] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0121.840] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0121.840] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0121.840] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0121.840] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0121.840] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0121.840] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0121.840] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0121.840] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0121.840] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0121.840] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0da [0121.840] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0e3 [0121.841] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc1db [0121.841] __dllonexit () returned 0x6db17010 [0121.841] __dllonexit () returned 0x6db17030 [0121.841] __dllonexit () returned 0x6db17040 [0121.841] __dllonexit () returned 0x6db17050 [0121.841] __dllonexit () returned 0x6db17060 [0121.842] GetCursorPos (in: lpPoint=0x6dbd8298 | out: lpPoint=0x6dbd8298*(x=466, y=440)) returned 1 [0121.842] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0xae5e00 [0121.842] LocalReAlloc (hMem=0xad9990, uBytes=0xc, uFlags=0x2) returned 0xae1b68 [0121.842] GetCurrentThread () returned 0xfffffffe [0121.842] GetCurrentThreadId () returned 0x1258 [0121.842] __dllonexit () returned 0x6daf1a50 [0121.844] SetErrorMode (uMode=0x0) returned 0x8001 [0121.844] SetErrorMode (uMode=0x8001) returned 0x0 [0121.844] GetModuleFileNameW (in: hModule=0x6dad0000, lpFilename=0x186f20, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MFC42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll")) returned 0x1e [0121.844] wcscpy_s (in: _Destination=0x186d18, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0121.844] FindResourceW (hModule=0x6dad0000, lpName=0xe01, lpType=0x6) returned 0x9b0db0 [0121.853] LoadStringW (in: hInstance=0x6dad0000, uID=0xe000, lpBuffer=0x186b18, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0121.853] wcscpy_s (in: _Destination=0x186f54, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0121.854] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0121.856] malloc (_Size=0x40) returned 0xaa3c28 [0121.857] LocalAlloc (uFlags=0x40, uBytes=0x2090) returned 0xae5e90 [0121.857] GetSystemDirectoryA (in: lpBuffer=0x18716c, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0121.857] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0121.857] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0121.857] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0121.857] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0121.950] GetProcAddress (hModule=0x6eae0000, lpProcName="InitHelperDll") returned 0x6eb045a0 [0121.951] InitHelperDll () returned 0x0 [0121.951] RegisterHelper () returned 0x0 [0121.951] GetProcessHeap () returned 0xad0000 [0121.951] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x120) returned 0xae1850 [0121.951] memcpy (in: _Dst=0xae1850, _Src=0xae1420, _Size=0xd8 | out: _Dst=0xae1850) returned 0xae1850 [0121.951] GetProcessHeap () returned 0xad0000 [0121.952] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae1420) returned 1 [0121.952] RegisterHelper () returned 0x0 [0121.952] GetProcessHeap () returned 0xad0000 [0121.952] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x168) returned 0xae22c8 [0121.952] memcpy (in: _Dst=0xae22c8, _Src=0xae1850, _Size=0x120 | out: _Dst=0xae22c8) returned 0xae22c8 [0121.952] GetProcessHeap () returned 0xad0000 [0121.953] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae1850) returned 1 [0121.955] RegisterHelper () returned 0x0 [0121.955] GetProcessHeap () returned 0xad0000 [0121.955] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1b0) returned 0xae7f28 [0121.955] memcpy (in: _Dst=0xae7f28, _Src=0xae22c8, _Size=0x168 | out: _Dst=0xae7f28) returned 0xae7f28 [0121.955] GetProcessHeap () returned 0xad0000 [0121.955] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae22c8) returned 1 [0121.955] RegisterHelper () returned 0x0 [0121.955] GetProcessHeap () returned 0xad0000 [0121.955] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1f8) returned 0xae80e0 [0121.956] memcpy (in: _Dst=0xae80e0, _Src=0xae7f28, _Size=0x1b0 | out: _Dst=0xae80e0) returned 0xae80e0 [0121.956] GetProcessHeap () returned 0xad0000 [0121.956] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0121.956] RegisterHelper () returned 0x0 [0121.956] GetProcessHeap () returned 0xad0000 [0121.956] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x240) returned 0xae82e0 [0121.956] memcpy (in: _Dst=0xae82e0, _Src=0xae80e0, _Size=0x1f8 | out: _Dst=0xae82e0) returned 0xae82e0 [0121.956] GetProcessHeap () returned 0xad0000 [0121.957] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae80e0) returned 1 [0121.957] RegEnumValueW (in: hKey=0xcc, dwIndex=0x2, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="authfwcfg", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0121.957] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0121.957] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0121.957] GetProcessHeap () returned 0xad0000 [0121.957] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x50) returned 0xae2050 [0121.957] memcpy (in: _Dst=0xae2050, _Src=0xad6838, _Size=0x3c | out: _Dst=0xae2050) returned 0xae2050 [0121.957] GetProcessHeap () returned 0xad0000 [0121.957] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x14) returned 0xad2888 [0121.957] GetProcessHeap () returned 0xad0000 [0121.957] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1c) returned 0xae04a0 [0121.957] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0121.957] GetProcessHeap () returned 0xad0000 [0121.958] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6838) returned 1 [0121.958] LoadLibraryExW (lpLibFileName="AUTHFWCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x6da70000 [0122.045] GetProcAddress (hModule=0x6da70000, lpProcName="InitHelperDll") returned 0x6da73c40 [0122.046] InitHelperDll () returned 0x0 [0122.050] RegisterHelper () returned 0x0 [0122.050] GetProcessHeap () returned 0xad0000 [0122.050] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x288) returned 0xae7f28 [0122.050] memcpy (in: _Dst=0xae7f28, _Src=0xae82e0, _Size=0x240 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.050] GetProcessHeap () returned 0xad0000 [0122.051] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae82e0) returned 1 [0122.051] RegisterHelper () returned 0x0 [0122.051] GetProcessHeap () returned 0xad0000 [0122.051] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x2d0) returned 0xae81b8 [0122.051] memcpy (in: _Dst=0xae81b8, _Src=0xae7f28, _Size=0x288 | out: _Dst=0xae81b8) returned 0xae81b8 [0122.051] GetProcessHeap () returned 0xad0000 [0122.051] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.051] RegisterHelper () returned 0x0 [0122.051] GetProcessHeap () returned 0xad0000 [0122.051] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x318) returned 0xae9140 [0122.051] memcpy (in: _Dst=0xae9140, _Src=0xae81b8, _Size=0x2d0 | out: _Dst=0xae9140) returned 0xae9140 [0122.051] GetProcessHeap () returned 0xad0000 [0122.051] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae81b8) returned 1 [0122.051] RegisterHelper () returned 0x0 [0122.052] GetProcessHeap () returned 0xad0000 [0122.052] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x360) returned 0xae7f28 [0122.052] memcpy (in: _Dst=0xae7f28, _Src=0xae9140, _Size=0x318 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.052] GetProcessHeap () returned 0xad0000 [0122.052] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae9140) returned 1 [0122.052] RegisterHelper () returned 0x0 [0122.052] GetProcessHeap () returned 0xad0000 [0122.052] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3a8) returned 0xae9140 [0122.052] memcpy (in: _Dst=0xae9140, _Src=0xae7f28, _Size=0x360 | out: _Dst=0xae9140) returned 0xae9140 [0122.052] GetProcessHeap () returned 0xad0000 [0122.053] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.053] RegEnumValueW (in: hKey=0xcc, dwIndex=0x3, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="dhcpclient", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.053] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0122.053] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0122.053] GetProcessHeap () returned 0xad0000 [0122.053] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x64) returned 0xae2208 [0122.053] memcpy (in: _Dst=0xae2208, _Src=0xae2050, _Size=0x50 | out: _Dst=0xae2208) returned 0xae2208 [0122.053] GetProcessHeap () returned 0xad0000 [0122.053] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xae8e00 [0122.053] GetProcessHeap () returned 0xad0000 [0122.053] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x22) returned 0xae0880 [0122.054] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0122.054] GetProcessHeap () returned 0xad0000 [0122.054] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae2050) returned 1 [0122.054] LoadLibraryExW (lpLibFileName="DHCPCMONITOR.DLL", hFile=0x0, dwFlags=0x0) returned 0x6e8a0000 [0122.105] GetProcAddress (hModule=0x6e8a0000, lpProcName="InitHelperDll") returned 0x6e8a1a10 [0122.105] InitHelperDll () returned 0x0 [0122.105] RegisterHelper () returned 0x0 [0122.105] GetProcessHeap () returned 0xad0000 [0122.105] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3f0) returned 0xae7f28 [0122.105] memcpy (in: _Dst=0xae7f28, _Src=0xae9140, _Size=0x3a8 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.105] GetProcessHeap () returned 0xad0000 [0122.106] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae9140) returned 1 [0122.106] RegEnumValueW (in: hKey=0xcc, dwIndex=0x4, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="dot3cfg", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.106] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0122.106] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0122.106] GetProcessHeap () returned 0xad0000 [0122.106] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x78) returned 0xada610 [0122.106] memcpy (in: _Dst=0xada610, _Src=0xae2208, _Size=0x64 | out: _Dst=0xada610) returned 0xada610 [0122.106] GetProcessHeap () returned 0xad0000 [0122.106] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x10) returned 0xae8780 [0122.106] GetProcessHeap () returned 0xad0000 [0122.106] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x18) returned 0xae90c0 [0122.106] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0122.106] GetProcessHeap () returned 0xad0000 [0122.107] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae2208) returned 1 [0122.107] LoadLibraryExW (lpLibFileName="DOT3CFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x6da10000 [0122.236] GetProcAddress (hModule=0x6da10000, lpProcName="InitHelperDll") returned 0x6da13aa0 [0122.236] InitHelperDll () returned 0x0 [0122.237] RegisterHelper () returned 0x0 [0122.237] GetProcessHeap () returned 0xad0000 [0122.237] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x438) returned 0xaee510 [0122.237] memcpy (in: _Dst=0xaee510, _Src=0xae7f28, _Size=0x3f0 | out: _Dst=0xaee510) returned 0xaee510 [0122.237] GetProcessHeap () returned 0xad0000 [0122.237] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.238] RegEnumValueW (in: hKey=0xcc, dwIndex=0x5, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="fwcfg", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.238] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0122.238] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0122.238] GetProcessHeap () returned 0xad0000 [0122.238] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8c) returned 0xae2128 [0122.238] memcpy (in: _Dst=0xae2128, _Src=0xada610, _Size=0x78 | out: _Dst=0xae2128) returned 0xae2128 [0122.238] GetProcessHeap () returned 0xad0000 [0122.238] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xae8678 [0122.238] GetProcessHeap () returned 0xad0000 [0122.238] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x14) returned 0xae8fc0 [0122.238] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0122.238] GetProcessHeap () returned 0xad0000 [0122.238] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xada610) returned 1 [0122.238] LoadLibraryExW (lpLibFileName="FWCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d910000 [0122.262] GetProcAddress (hModule=0x6d910000, lpProcName="InitHelperDll") returned 0x6d912290 [0122.262] InitHelperDll () returned 0x0 [0122.262] RegisterHelper () returned 0x0 [0122.262] GetProcessHeap () returned 0xad0000 [0122.262] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x480) returned 0xae7f28 [0122.262] memcpy (in: _Dst=0xae7f28, _Src=0xaee510, _Size=0x438 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.262] GetProcessHeap () returned 0xad0000 [0122.262] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee510) returned 1 [0122.263] RegEnumValueW (in: hKey=0xcc, dwIndex=0x6, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="hnetmon", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.263] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0122.263] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0122.263] GetProcessHeap () returned 0xad0000 [0122.263] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xa0) returned 0xaeba08 [0122.263] memcpy (in: _Dst=0xaeba08, _Src=0xae2128, _Size=0x8c | out: _Dst=0xaeba08) returned 0xaeba08 [0122.263] GetProcessHeap () returned 0xad0000 [0122.263] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x10) returned 0xae87f8 [0122.263] GetProcessHeap () returned 0xad0000 [0122.263] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x18) returned 0xae8f20 [0122.263] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0122.263] GetProcessHeap () returned 0xad0000 [0122.263] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae2128) returned 1 [0122.263] LoadLibraryExW (lpLibFileName="HNETMON.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d900000 [0122.496] GetProcAddress (hModule=0x6d900000, lpProcName="InitHelperDll") returned 0x6d9024b0 [0122.496] InitHelperDll () returned 0x0 [0122.496] RegisterHelper () returned 0x0 [0122.496] GetProcessHeap () returned 0xad0000 [0122.496] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x4c8) returned 0xaee918 [0122.496] memcpy (in: _Dst=0xaee918, _Src=0xae7f28, _Size=0x480 | out: _Dst=0xaee918) returned 0xaee918 [0122.496] GetProcessHeap () returned 0xad0000 [0122.497] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.497] RegEnumValueW (in: hKey=0xcc, dwIndex=0x7, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="netiohlp", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.497] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0122.497] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0122.497] GetProcessHeap () returned 0xad0000 [0122.497] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xb4) returned 0xae22c8 [0122.497] memcpy (in: _Dst=0xae22c8, _Src=0xaeba08, _Size=0xa0 | out: _Dst=0xae22c8) returned 0xae22c8 [0122.497] GetProcessHeap () returned 0xad0000 [0122.497] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xae90e0 [0122.497] GetProcessHeap () returned 0xad0000 [0122.497] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xae02c0 [0122.497] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0122.497] GetProcessHeap () returned 0xad0000 [0122.497] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaeba08) returned 1 [0122.497] LoadLibraryExW (lpLibFileName="NETIOHLP.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d610000 [0122.546] GetProcAddress (hModule=0x6d610000, lpProcName="InitHelperDll") returned 0x6d6269d0 [0122.546] InitHelperDll () returned 0x0 [0122.546] RegisterHelper () returned 0x0 [0122.546] GetProcessHeap () returned 0xad0000 [0122.547] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x510) returned 0xae7f28 [0122.547] memcpy (in: _Dst=0xae7f28, _Src=0xaee918, _Size=0x4c8 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.547] GetProcessHeap () returned 0xad0000 [0122.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee918) returned 1 [0122.547] RegisterHelper () returned 0x0 [0122.547] GetProcessHeap () returned 0xad0000 [0122.547] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x558) returned 0xaee918 [0122.548] memcpy (in: _Dst=0xaee918, _Src=0xae7f28, _Size=0x510 | out: _Dst=0xaee918) returned 0xaee918 [0122.548] GetProcessHeap () returned 0xad0000 [0122.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.548] RegisterHelper () returned 0x0 [0122.548] GetProcessHeap () returned 0xad0000 [0122.548] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x5a0) returned 0xae7f28 [0122.548] memcpy (in: _Dst=0xae7f28, _Src=0xaee918, _Size=0x558 | out: _Dst=0xae7f28) returned 0xae7f28 [0122.548] GetProcessHeap () returned 0xad0000 [0122.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee918) returned 1 [0122.549] RegisterHelper () returned 0x0 [0122.549] GetProcessHeap () returned 0xad0000 [0122.549] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x5e8) returned 0xaee918 [0122.549] memcpy (in: _Dst=0xaee918, _Src=0xae7f28, _Size=0x5a0 | out: _Dst=0xaee918) returned 0xaee918 [0122.549] GetProcessHeap () returned 0xad0000 [0122.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae7f28) returned 1 [0122.549] RegisterHelper () returned 0x0 [0122.549] GetProcessHeap () returned 0xad0000 [0122.549] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x630) returned 0xaeef08 [0122.549] memcpy (in: _Dst=0xaeef08, _Src=0xaee918, _Size=0x5e8 | out: _Dst=0xaeef08) returned 0xaeef08 [0122.550] GetProcessHeap () returned 0xad0000 [0122.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee918) returned 1 [0122.550] RegisterHelper () returned 0x0 [0122.550] GetProcessHeap () returned 0xad0000 [0122.550] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x678) returned 0xaef540 [0122.550] memcpy (in: _Dst=0xaef540, _Src=0xaeef08, _Size=0x630 | out: _Dst=0xaef540) returned 0xaef540 [0122.550] GetProcessHeap () returned 0xad0000 [0122.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaeef08) returned 1 [0122.551] RegisterHelper () returned 0x0 [0122.551] GetProcessHeap () returned 0xad0000 [0122.551] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x6c0) returned 0xaee918 [0122.551] memcpy (in: _Dst=0xaee918, _Src=0xaef540, _Size=0x678 | out: _Dst=0xaee918) returned 0xaee918 [0122.551] GetProcessHeap () returned 0xad0000 [0122.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaef540) returned 1 [0122.552] RegisterHelper () returned 0x0 [0122.552] GetProcessHeap () returned 0xad0000 [0122.552] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x708) returned 0xaeefe0 [0122.552] memcpy (in: _Dst=0xaeefe0, _Src=0xaee918, _Size=0x6c0 | out: _Dst=0xaeefe0) returned 0xaeefe0 [0122.552] GetProcessHeap () returned 0xad0000 [0122.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee918) returned 1 [0122.553] RegisterHelper () returned 0x0 [0122.553] GetProcessHeap () returned 0xad0000 [0122.553] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x750) returned 0xaef6f0 [0122.553] memcpy (in: _Dst=0xaef6f0, _Src=0xaeefe0, _Size=0x708 | out: _Dst=0xaef6f0) returned 0xaef6f0 [0122.553] GetProcessHeap () returned 0xad0000 [0122.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaeefe0) returned 1 [0122.554] RegEnumValueW (in: hKey=0xcc, dwIndex=0x8, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="nshhttp", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.554] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0122.554] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0122.554] GetProcessHeap () returned 0xad0000 [0122.554] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc8) returned 0xaee008 [0122.554] memcpy (in: _Dst=0xaee008, _Src=0xae22c8, _Size=0xb4 | out: _Dst=0xaee008) returned 0xaee008 [0122.554] GetProcessHeap () returned 0xad0000 [0122.554] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x10) returned 0xaee5a0 [0122.554] GetProcessHeap () returned 0xad0000 [0122.555] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x18) returned 0xae8f40 [0122.555] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0122.555] GetProcessHeap () returned 0xad0000 [0122.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae22c8) returned 1 [0122.555] LoadLibraryExW (lpLibFileName="NSHHTTP.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d600000 [0122.592] GetProcAddress (hModule=0x6d600000, lpProcName="InitHelperDll") returned 0x6d601b90 [0122.592] InitHelperDll () returned 0x0 [0122.592] RegisterHelper () returned 0x0 [0122.592] GetProcessHeap () returned 0xad0000 [0122.592] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x798) returned 0xaee918 [0122.592] memcpy (in: _Dst=0xaee918, _Src=0xaef6f0, _Size=0x750 | out: _Dst=0xaee918) returned 0xaee918 [0122.592] GetProcessHeap () returned 0xad0000 [0122.593] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaef6f0) returned 1 [0122.593] RegEnumValueW (in: hKey=0xcc, dwIndex=0x9, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="nshipsec", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.593] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0122.593] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0122.593] GetProcessHeap () returned 0xad0000 [0122.593] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xdc) returned 0xae22c8 [0122.593] memcpy (in: _Dst=0xae22c8, _Src=0xaee008, _Size=0xc8 | out: _Dst=0xae22c8) returned 0xae22c8 [0122.593] GetProcessHeap () returned 0xad0000 [0122.593] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xae9080 [0122.593] GetProcessHeap () returned 0xad0000 [0122.593] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xae0360 [0122.594] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0122.594] GetProcessHeap () returned 0xad0000 [0122.594] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee008) returned 1 [0122.594] LoadLibraryExW (lpLibFileName="NSHIPSEC.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d580000 [0122.826] GetProcAddress (hModule=0x6d580000, lpProcName="InitHelperDll") returned 0x6d583910 [0122.826] InitHelperDll () returned 0x0 [0122.826] RegisterHelper () returned 0x0 [0122.826] GetProcessHeap () returned 0xad0000 [0122.826] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x7e0) returned 0xaf10d0 [0122.826] memcpy (in: _Dst=0xaf10d0, _Src=0xaee918, _Size=0x798 | out: _Dst=0xaf10d0) returned 0xaf10d0 [0122.826] GetProcessHeap () returned 0xad0000 [0122.827] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaee918) returned 1 [0122.827] RegisterHelper () returned 0x0 [0122.827] GetProcessHeap () returned 0xad0000 [0122.827] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x828) returned 0xaf18b8 [0122.827] memcpy (in: _Dst=0xaf18b8, _Src=0xaf10d0, _Size=0x7e0 | out: _Dst=0xaf18b8) returned 0xaf18b8 [0122.827] GetProcessHeap () returned 0xad0000 [0122.827] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf10d0) returned 1 [0122.827] RegisterHelper () returned 0x0 [0122.827] GetProcessHeap () returned 0xad0000 [0122.827] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x870) returned 0xaf20e8 [0122.827] memcpy (in: _Dst=0xaf20e8, _Src=0xaf18b8, _Size=0x828 | out: _Dst=0xaf20e8) returned 0xaf20e8 [0122.828] GetProcessHeap () returned 0xad0000 [0122.828] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf18b8) returned 1 [0122.845] RegEnumValueW (in: hKey=0xcc, dwIndex=0xa, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="nshwfp", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.845] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0122.845] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0122.845] GetProcessHeap () returned 0xad0000 [0122.845] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xf0) returned 0xaf2ce8 [0122.845] memcpy (in: _Dst=0xaf2ce8, _Src=0xae22c8, _Size=0xdc | out: _Dst=0xaf2ce8) returned 0xaf2ce8 [0122.845] GetProcessHeap () returned 0xad0000 [0122.845] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xe) returned 0xaeeae0 [0122.845] GetProcessHeap () returned 0xad0000 [0122.845] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xae9000 [0122.845] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0122.845] GetProcessHeap () returned 0xad0000 [0122.846] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae22c8) returned 1 [0122.846] LoadLibraryExW (lpLibFileName="NSHWFP.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d3d0000 [0122.912] GetProcAddress (hModule=0x6d3d0000, lpProcName="InitHelperDll") returned 0x6d423bb0 [0122.912] InitHelperDll () returned 0x0 [0122.912] RegisterHelper () returned 0x0 [0122.912] GetProcessHeap () returned 0xad0000 [0122.912] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8b8) returned 0xaf3f38 [0122.912] memcpy (in: _Dst=0xaf3f38, _Src=0xaf20e8, _Size=0x870 | out: _Dst=0xaf3f38) returned 0xaf3f38 [0122.912] GetProcessHeap () returned 0xad0000 [0122.913] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf20e8) returned 1 [0122.913] RegEnumValueW (in: hKey=0xcc, dwIndex=0xb, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="p2pnetsh", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0122.913] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0122.913] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0122.913] GetProcessHeap () returned 0xad0000 [0122.913] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x104) returned 0xaf2de0 [0122.913] memcpy (in: _Dst=0xaf2de0, _Src=0xaf2ce8, _Size=0xf0 | out: _Dst=0xaf2de0) returned 0xaf2de0 [0122.913] GetProcessHeap () returned 0xad0000 [0122.913] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xae8da0 [0122.913] GetProcessHeap () returned 0xad0000 [0122.913] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xaf0bf0 [0122.913] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0122.913] GetProcessHeap () returned 0xad0000 [0122.914] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf2ce8) returned 1 [0122.914] LoadLibraryExW (lpLibFileName="P2PNETSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d360000 [0123.043] GetProcAddress (hModule=0x6d360000, lpProcName="InitHelperDll") returned 0x6d3658d0 [0123.043] InitHelperDll () returned 0x0 [0123.044] RegisterHelper () returned 0x0 [0123.044] GetProcessHeap () returned 0xad0000 [0123.044] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x900) returned 0xaf6800 [0123.044] memcpy (in: _Dst=0xaf6800, _Src=0xaf3f38, _Size=0x8b8 | out: _Dst=0xaf6800) returned 0xaf6800 [0123.044] GetProcessHeap () returned 0xad0000 [0123.044] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf3f38) returned 1 [0123.045] RegisterHelper () returned 0x0 [0123.045] GetProcessHeap () returned 0xad0000 [0123.045] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x948) returned 0xaf7108 [0123.045] memcpy (in: _Dst=0xaf7108, _Src=0xaf6800, _Size=0x900 | out: _Dst=0xaf7108) returned 0xaf7108 [0123.045] GetProcessHeap () returned 0xad0000 [0123.045] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf6800) returned 1 [0123.045] RegisterHelper () returned 0x0 [0123.045] GetProcessHeap () returned 0xad0000 [0123.045] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x990) returned 0xaf7a58 [0123.046] memcpy (in: _Dst=0xaf7a58, _Src=0xaf7108, _Size=0x948 | out: _Dst=0xaf7a58) returned 0xaf7a58 [0123.046] GetProcessHeap () returned 0xad0000 [0123.046] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7108) returned 1 [0123.047] RegisterHelper () returned 0x0 [0123.047] GetProcessHeap () returned 0xad0000 [0123.047] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x9d8) returned 0xaf83f0 [0123.047] memcpy (in: _Dst=0xaf83f0, _Src=0xaf7a58, _Size=0x990 | out: _Dst=0xaf83f0) returned 0xaf83f0 [0123.047] GetProcessHeap () returned 0xad0000 [0123.047] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7a58) returned 1 [0123.050] RegisterHelper () returned 0x0 [0123.050] GetProcessHeap () returned 0xad0000 [0123.050] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xa20) returned 0xaf6800 [0123.050] memcpy (in: _Dst=0xaf6800, _Src=0xaf83f0, _Size=0x9d8 | out: _Dst=0xaf6800) returned 0xaf6800 [0123.050] GetProcessHeap () returned 0xad0000 [0123.051] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf83f0) returned 1 [0123.051] RegisterHelper () returned 0x0 [0123.051] GetProcessHeap () returned 0xad0000 [0123.051] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xa68) returned 0xaf7228 [0123.051] memcpy (in: _Dst=0xaf7228, _Src=0xaf6800, _Size=0xa20 | out: _Dst=0xaf7228) returned 0xaf7228 [0123.051] GetProcessHeap () returned 0xad0000 [0123.052] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf6800) returned 1 [0123.052] RegisterHelper () returned 0x0 [0123.052] GetProcessHeap () returned 0xad0000 [0123.052] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xab0) returned 0xaf7c98 [0123.052] memcpy (in: _Dst=0xaf7c98, _Src=0xaf7228, _Size=0xa68 | out: _Dst=0xaf7c98) returned 0xaf7c98 [0123.052] GetProcessHeap () returned 0xad0000 [0123.053] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7228) returned 1 [0123.053] RegisterHelper () returned 0x0 [0123.054] GetProcessHeap () returned 0xad0000 [0123.054] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xaf8) returned 0xaf6800 [0123.054] memcpy (in: _Dst=0xaf6800, _Src=0xaf7c98, _Size=0xab0 | out: _Dst=0xaf6800) returned 0xaf6800 [0123.054] GetProcessHeap () returned 0xad0000 [0123.054] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7c98) returned 1 [0123.054] RegEnumValueW (in: hKey=0xcc, dwIndex=0xc, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="rpc", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0123.054] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0123.054] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0123.054] GetProcessHeap () returned 0xad0000 [0123.055] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x118) returned 0xae22c8 [0123.055] memcpy (in: _Dst=0xae22c8, _Src=0xaf2de0, _Size=0x104 | out: _Dst=0xae22c8) returned 0xae22c8 [0123.055] GetProcessHeap () returned 0xad0000 [0123.055] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xae8ad0 [0123.055] GetProcessHeap () returned 0xad0000 [0123.055] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xae8f80 [0123.055] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0123.055] GetProcessHeap () returned 0xad0000 [0123.055] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf2de0) returned 1 [0123.055] LoadLibraryExW (lpLibFileName="RPCNSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d320000 [0123.086] GetProcAddress (hModule=0x6d320000, lpProcName="InitHelperDll") returned 0x6d322a80 [0123.086] InitHelperDll () returned 0x0 [0123.086] RegisterHelper () returned 0x0 [0123.086] GetProcessHeap () returned 0xad0000 [0123.086] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xb40) returned 0xaf7300 [0123.086] memcpy (in: _Dst=0xaf7300, _Src=0xaf6800, _Size=0xaf8 | out: _Dst=0xaf7300) returned 0xaf7300 [0123.086] GetProcessHeap () returned 0xad0000 [0123.087] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf6800) returned 1 [0123.087] RegisterHelper () returned 0x0 [0123.087] GetProcessHeap () returned 0xad0000 [0123.087] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xb88) returned 0xaf7e48 [0123.087] memcpy (in: _Dst=0xaf7e48, _Src=0xaf7300, _Size=0xb40 | out: _Dst=0xaf7e48) returned 0xaf7e48 [0123.087] GetProcessHeap () returned 0xad0000 [0123.087] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7300) returned 1 [0123.087] RegEnumValueW (in: hKey=0xcc, dwIndex=0xd, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="whhelper", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0123.087] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0123.087] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0123.087] GetProcessHeap () returned 0xad0000 [0123.087] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12c) returned 0xaf2ce8 [0123.087] memcpy (in: _Dst=0xaf2ce8, _Src=0xae22c8, _Size=0x118 | out: _Dst=0xaf2ce8) returned 0xaf2ce8 [0123.087] GetProcessHeap () returned 0xad0000 [0123.087] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xae8de0 [0123.087] GetProcessHeap () returned 0xad0000 [0123.088] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xaf0d08 [0123.088] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0123.088] GetProcessHeap () returned 0xad0000 [0123.088] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae22c8) returned 1 [0123.088] LoadLibraryExW (lpLibFileName="WHHELPER.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d310000 [0123.105] GetProcAddress (hModule=0x6d310000, lpProcName="InitHelperDll") returned 0x6d3117b0 [0123.105] InitHelperDll () returned 0x0 [0123.105] RegisterHelper () returned 0x0 [0123.105] GetProcessHeap () returned 0xad0000 [0123.105] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xbd0) returned 0xaf89d8 [0123.106] memcpy (in: _Dst=0xaf89d8, _Src=0xaf7e48, _Size=0xb88 | out: _Dst=0xaf89d8) returned 0xaf89d8 [0123.106] GetProcessHeap () returned 0xad0000 [0123.106] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7e48) returned 1 [0123.106] RegEnumValueW (in: hKey=0xcc, dwIndex=0xe, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="wlancfg", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0123.106] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0123.106] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0123.106] GetProcessHeap () returned 0xad0000 [0123.106] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x140) returned 0xaf20e8 [0123.107] memcpy (in: _Dst=0xaf20e8, _Src=0xaf2ce8, _Size=0x12c | out: _Dst=0xaf20e8) returned 0xaf20e8 [0123.107] GetProcessHeap () returned 0xad0000 [0123.107] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x10) returned 0xaeec18 [0123.107] GetProcessHeap () returned 0xad0000 [0123.107] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x18) returned 0xae8fa0 [0123.107] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0123.107] GetProcessHeap () returned 0xad0000 [0123.107] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf2ce8) returned 1 [0123.107] LoadLibraryExW (lpLibFileName="WLANCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d2d0000 [0123.332] GetProcAddress (hModule=0x6d2d0000, lpProcName="InitHelperDll") returned 0x6d2d9fb0 [0123.332] InitHelperDll () returned 0x0 [0123.332] RegisterHelper () returned 0x0 [0123.332] GetProcessHeap () returned 0xad0000 [0123.332] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc18) returned 0xaf95b0 [0123.333] memcpy (in: _Dst=0xaf95b0, _Src=0xaf89d8, _Size=0xbd0 | out: _Dst=0xaf95b0) returned 0xaf95b0 [0123.333] GetProcessHeap () returned 0xad0000 [0123.333] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf89d8) returned 1 [0123.334] RegEnumValueW (in: hKey=0xcc, dwIndex=0xf, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="wshelper", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0123.334] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0123.334] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0123.334] GetProcessHeap () returned 0xad0000 [0123.334] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x154) returned 0xaf2ce8 [0123.334] memcpy (in: _Dst=0xaf2ce8, _Src=0xaf20e8, _Size=0x140 | out: _Dst=0xaf2ce8) returned 0xaf2ce8 [0123.334] GetProcessHeap () returned 0xad0000 [0123.334] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xae9020 [0123.334] GetProcessHeap () returned 0xad0000 [0123.334] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1a) returned 0xaf0d58 [0123.334] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0123.334] GetProcessHeap () returned 0xad0000 [0123.334] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf20e8) returned 1 [0123.335] LoadLibraryExW (lpLibFileName="WSHELPER.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d210000 [0123.409] GetProcAddress (hModule=0x6d210000, lpProcName="InitHelperDll") returned 0x6d2116c0 [0123.409] InitHelperDll () returned 0x0 [0123.409] RegisterHelper () returned 0x0 [0123.409] GetProcessHeap () returned 0xad0000 [0123.409] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc60) returned 0xafb1e0 [0123.409] memcpy (in: _Dst=0xafb1e0, _Src=0xaf95b0, _Size=0xc18 | out: _Dst=0xafb1e0) returned 0xafb1e0 [0123.409] GetProcessHeap () returned 0xad0000 [0123.410] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf95b0) returned 1 [0123.410] RegEnumValueW (in: hKey=0xcc, dwIndex=0x10, lpValueName=0xad66f0, lpcchValueName=0x187714, lpReserved=0x0, lpType=0x0, lpData=0xad2858, lpcbData=0x187718 | out: lpValueName="peerdistsh", lpcchValueName=0x187714, lpType=0x0, lpData=0xad2858, lpcbData=0x187718) returned 0x0 [0123.411] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0123.411] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0123.411] GetProcessHeap () returned 0xad0000 [0123.411] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x168) returned 0xafbe48 [0123.411] memcpy (in: _Dst=0xafbe48, _Src=0xaf2ce8, _Size=0x154 | out: _Dst=0xafbe48) returned 0xafbe48 [0123.411] GetProcessHeap () returned 0xad0000 [0123.411] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xaf4408 [0123.411] GetProcessHeap () returned 0xad0000 [0123.411] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1e) returned 0xaf0dd0 [0123.411] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0123.412] GetProcessHeap () returned 0xad0000 [0123.412] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf2ce8) returned 1 [0123.412] LoadLibraryExW (lpLibFileName="PEERDISTSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x6d160000 [0123.469] GetProcAddress (hModule=0x6d160000, lpProcName="InitHelperDll") returned 0x6d17e4d0 [0123.469] InitHelperDll () returned 0x0 [0123.469] RegisterHelper () returned 0x0 [0123.469] GetProcessHeap () returned 0xad0000 [0123.469] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xca8) returned 0xaf9420 [0123.469] memcpy (in: _Dst=0xaf9420, _Src=0xafb1e0, _Size=0xc60 | out: _Dst=0xaf9420) returned 0xaf9420 [0123.469] GetProcessHeap () returned 0xad0000 [0123.470] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb1e0) returned 1 [0123.470] RegisterHelper () returned 0x0 [0123.470] GetProcessHeap () returned 0xad0000 [0123.470] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xcf0) returned 0xafbfb8 [0123.471] memcpy (in: _Dst=0xafbfb8, _Src=0xaf9420, _Size=0xca8 | out: _Dst=0xafbfb8) returned 0xafbfb8 [0123.471] GetProcessHeap () returned 0xad0000 [0123.471] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9420) returned 1 [0123.471] RegCloseKey (hKey=0xcc) returned 0x0 [0123.471] GetProcessHeap () returned 0xad0000 [0123.471] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad66f0) returned 1 [0123.471] GetProcessHeap () returned 0xad0000 [0123.472] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad2858) returned 1 [0123.473] GetProcessHeap () returned 0xad0000 [0123.474] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae59d0 [0123.474] memcpy (in: _Dst=0xae59d0, _Src=0x187690, _Size=0x48 | out: _Dst=0xae59d0) returned 0xae59d0 [0123.474] GetProcessHeap () returned 0xad0000 [0123.474] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.474] RegisterContext () returned 0x0 [0123.475] GetProcessHeap () returned 0xad0000 [0123.475] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae5390 [0123.475] memcpy (in: _Dst=0xae5390, _Src=0x187688, _Size=0x48 | out: _Dst=0xae5390) returned 0xae5390 [0123.475] GetProcessHeap () returned 0xad0000 [0123.475] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.475] RegisterContext () returned 0x0 [0123.478] _wcsicmp (_String1="ras", _String2="interface") returned 9 [0123.478] _wcsicmp (_String1="ras", _String2="interface") returned 9 [0123.478] GetProcessHeap () returned 0xad0000 [0123.478] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf7078 [0123.478] memcpy (in: _Dst=0xaf7078, _Src=0xae5390, _Size=0x48 | out: _Dst=0xaf7078) returned 0xaf7078 [0123.478] memcpy (in: _Dst=0xaf70c0, _Src=0x187690, _Size=0x48 | out: _Dst=0xaf70c0) returned 0xaf70c0 [0123.478] GetProcessHeap () returned 0xad0000 [0123.479] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae5390) returned 1 [0123.534] RegisterContext () returned 0x0 [0123.534] GetProcessHeap () returned 0xad0000 [0123.534] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae57f0 [0123.535] memcpy (in: _Dst=0xae57f0, _Src=0x187690, _Size=0x48 | out: _Dst=0xae57f0) returned 0xae57f0 [0123.535] GetProcessHeap () returned 0xad0000 [0123.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.535] RegisterContext () returned 0x0 [0123.535] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0123.535] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0123.535] GetProcessHeap () returned 0xad0000 [0123.535] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf6958 [0123.535] memcpy (in: _Dst=0xaf6958, _Src=0xae57f0, _Size=0x48 | out: _Dst=0xaf6958) returned 0xaf6958 [0123.535] memcpy (in: _Dst=0xaf69a0, _Src=0x187690, _Size=0x48 | out: _Dst=0xaf69a0) returned 0xaf69a0 [0123.535] GetProcessHeap () returned 0xad0000 [0123.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae57f0) returned 1 [0123.537] RegisterContext () returned 0x0 [0123.538] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0123.538] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0123.538] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0123.538] GetProcessHeap () returned 0xad0000 [0123.538] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xaeefc8 [0123.538] memcpy (in: _Dst=0xaeefc8, _Src=0x187690, _Size=0x48 | out: _Dst=0xaeefc8) returned 0xaeefc8 [0123.538] memcpy (in: _Dst=0xaef010, _Src=0xaf6958, _Size=0x90 | out: _Dst=0xaef010) returned 0xaef010 [0123.538] GetProcessHeap () returned 0xad0000 [0123.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf6958) returned 1 [0123.539] RegisterContext () returned 0x0 [0123.540] _wcsicmp (_String1="diagnostics", _String2="aaaa") returned 3 [0123.540] _wcsicmp (_String1="diagnostics", _String2="ip") returned -5 [0123.540] _wcsicmp (_String1="diagnostics", _String2="ipv6") returned -5 [0123.540] _wcsicmp (_String1="diagnostics", _String2="aaaa") returned 3 [0123.540] _wcsicmp (_String1="diagnostics", _String2="ip") returned -5 [0123.540] GetProcessHeap () returned 0xad0000 [0123.540] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x120) returned 0xafb2e8 [0123.540] memcpy (in: _Dst=0xafb2e8, _Src=0xaeefc8, _Size=0x48 | out: _Dst=0xafb2e8) returned 0xafb2e8 [0123.540] memcpy (in: _Dst=0xafb330, _Src=0x187690, _Size=0x48 | out: _Dst=0xafb330) returned 0xafb330 [0123.540] memcpy (in: _Dst=0xafb378, _Src=0xaef010, _Size=0x90 | out: _Dst=0xafb378) returned 0xafb378 [0123.540] GetProcessHeap () returned 0xad0000 [0123.541] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaeefc8) returned 1 [0123.541] RegisterContext () returned 0x0 [0123.541] _wcsicmp (_String1="advfirewall", _String2="interface") returned -8 [0123.541] _wcsicmp (_String1="advfirewall", _String2="ras") returned -17 [0123.541] _wcsicmp (_String1="advfirewall", _String2="interface") returned -8 [0123.541] GetProcessHeap () returned 0xad0000 [0123.541] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xaeefc8 [0123.541] memcpy (in: _Dst=0xaeefc8, _Src=0x187688, _Size=0x48 | out: _Dst=0xaeefc8) returned 0xaeefc8 [0123.541] memcpy (in: _Dst=0xaef010, _Src=0xaf7078, _Size=0x90 | out: _Dst=0xaef010) returned 0xaef010 [0123.541] GetProcessHeap () returned 0xad0000 [0123.542] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7078) returned 1 [0123.542] RegisterContext () returned 0x0 [0123.542] GetProcessHeap () returned 0xad0000 [0123.542] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae57f0 [0123.542] memcpy (in: _Dst=0xae57f0, _Src=0x187688, _Size=0x48 | out: _Dst=0xae57f0) returned 0xae57f0 [0123.542] GetProcessHeap () returned 0xad0000 [0123.542] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.543] RegisterContext () returned 0x0 [0123.543] _wcsicmp (_String1="firewall", _String2="consec") returned 3 [0123.543] _wcsicmp (_String1="firewall", _String2="consec") returned 3 [0123.543] GetProcessHeap () returned 0xad0000 [0123.543] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf68c0 [0123.543] memcpy (in: _Dst=0xaf68c0, _Src=0xae57f0, _Size=0x48 | out: _Dst=0xaf68c0) returned 0xaf68c0 [0123.543] memcpy (in: _Dst=0xaf6908, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf6908) returned 0xaf6908 [0123.543] GetProcessHeap () returned 0xad0000 [0123.543] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae57f0) returned 1 [0123.544] RegisterContext () returned 0x0 [0123.544] _wcsicmp (_String1="monitor", _String2="consec") returned 10 [0123.544] _wcsicmp (_String1="monitor", _String2="firewall") returned 7 [0123.544] _wcsicmp (_String1="monitor", _String2="consec") returned 10 [0123.544] _wcsicmp (_String1="monitor", _String2="firewall") returned 7 [0123.544] GetProcessHeap () returned 0xad0000 [0123.544] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xafb410 [0123.544] memcpy (in: _Dst=0xafb410, _Src=0xaf68c0, _Size=0x90 | out: _Dst=0xafb410) returned 0xafb410 [0123.544] memcpy (in: _Dst=0xafb4a0, _Src=0x187688, _Size=0x48 | out: _Dst=0xafb4a0) returned 0xafb4a0 [0123.544] GetProcessHeap () returned 0xad0000 [0123.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf68c0) returned 1 [0123.545] RegisterContext () returned 0x0 [0123.545] _wcsicmp (_String1="mainmode", _String2="consec") returned 10 [0123.545] _wcsicmp (_String1="mainmode", _String2="firewall") returned 7 [0123.545] _wcsicmp (_String1="mainmode", _String2="monitor") returned -14 [0123.545] _wcsicmp (_String1="mainmode", _String2="consec") returned 10 [0123.545] _wcsicmp (_String1="mainmode", _String2="firewall") returned 7 [0123.545] _wcsicmp (_String1="mainmode", _String2="monitor") returned -14 [0123.545] GetProcessHeap () returned 0xad0000 [0123.545] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x120) returned 0xafb4f0 [0123.545] memcpy (in: _Dst=0xafb4f0, _Src=0xafb410, _Size=0x90 | out: _Dst=0xafb4f0) returned 0xafb4f0 [0123.545] memcpy (in: _Dst=0xafb580, _Src=0x187688, _Size=0x48 | out: _Dst=0xafb580) returned 0xafb580 [0123.545] memcpy (in: _Dst=0xafb5c8, _Src=0xafb4a0, _Size=0x48 | out: _Dst=0xafb5c8) returned 0xafb5c8 [0123.545] GetProcessHeap () returned 0xad0000 [0123.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb410) returned 1 [0123.546] RegisterContext () returned 0x0 [0123.546] _wcsicmp (_String1="dhcpclient", _String2="advfirewall") returned 3 [0123.546] _wcsicmp (_String1="dhcpclient", _String2="interface") returned -5 [0123.546] _wcsicmp (_String1="dhcpclient", _String2="ras") returned -14 [0123.546] _wcsicmp (_String1="dhcpclient", _String2="advfirewall") returned 3 [0123.546] _wcsicmp (_String1="dhcpclient", _String2="interface") returned -5 [0123.546] GetProcessHeap () returned 0xad0000 [0123.546] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x120) returned 0xafb618 [0123.546] memcpy (in: _Dst=0xafb618, _Src=0xaeefc8, _Size=0x48 | out: _Dst=0xafb618) returned 0xafb618 [0123.546] memcpy (in: _Dst=0xafb660, _Src=0x187690, _Size=0x48 | out: _Dst=0xafb660) returned 0xafb660 [0123.546] memcpy (in: _Dst=0xafb6a8, _Src=0xaef010, _Size=0x90 | out: _Dst=0xafb6a8) returned 0xafb6a8 [0123.546] GetProcessHeap () returned 0xad0000 [0123.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaeefc8) returned 1 [0123.547] RegisterContext () returned 0x0 [0123.547] _wcsicmp (_String1="lan", _String2="advfirewall") returned 11 [0123.547] _wcsicmp (_String1="lan", _String2="dhcpclient") returned 8 [0123.547] _wcsicmp (_String1="lan", _String2="interface") returned 3 [0123.547] _wcsicmp (_String1="lan", _String2="ras") returned -6 [0123.547] _wcsicmp (_String1="lan", _String2="advfirewall") returned 11 [0123.547] _wcsicmp (_String1="lan", _String2="dhcpclient") returned 8 [0123.547] _wcsicmp (_String1="lan", _String2="interface") returned 3 [0123.547] _wcsicmp (_String1="lan", _String2="ras") returned -6 [0123.547] GetProcessHeap () returned 0xad0000 [0123.547] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x168) returned 0xafb740 [0123.547] memcpy (in: _Dst=0xafb740, _Src=0xafb618, _Size=0xd8 | out: _Dst=0xafb740) returned 0xafb740 [0123.547] memcpy (in: _Dst=0xafb818, _Src=0x187690, _Size=0x48 | out: _Dst=0xafb818) returned 0xafb818 [0123.547] memcpy (in: _Dst=0xafb860, _Src=0xafb6f0, _Size=0x48 | out: _Dst=0xafb860) returned 0xafb860 [0123.547] GetProcessHeap () returned 0xad0000 [0123.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb618) returned 1 [0123.555] RegisterContext () returned 0x0 [0123.556] _wcsicmp (_String1="firewall", _String2="advfirewall") returned 5 [0123.556] _wcsicmp (_String1="firewall", _String2="dhcpclient") returned 2 [0123.556] _wcsicmp (_String1="firewall", _String2="interface") returned -3 [0123.556] _wcsicmp (_String1="firewall", _String2="lan") returned -6 [0123.556] _wcsicmp (_String1="firewall", _String2="ras") returned -12 [0123.556] _wcsicmp (_String1="firewall", _String2="advfirewall") returned 5 [0123.556] _wcsicmp (_String1="firewall", _String2="dhcpclient") returned 2 [0123.556] _wcsicmp (_String1="firewall", _String2="interface") returned -3 [0123.556] GetProcessHeap () returned 0xad0000 [0123.556] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1b0) returned 0xafb8b0 [0123.556] memcpy (in: _Dst=0xafb8b0, _Src=0xafb740, _Size=0x90 | out: _Dst=0xafb8b0) returned 0xafb8b0 [0123.556] memcpy (in: _Dst=0xafb940, _Src=0x187688, _Size=0x48 | out: _Dst=0xafb940) returned 0xafb940 [0123.556] memcpy (in: _Dst=0xafb988, _Src=0xafb7d0, _Size=0xd8 | out: _Dst=0xafb988) returned 0xafb988 [0123.556] GetProcessHeap () returned 0xad0000 [0123.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb740) returned 1 [0123.557] RegisterContext () returned 0x0 [0123.557] _wcsicmp (_String1="bridge", _String2="advfirewall") returned 1 [0123.557] _wcsicmp (_String1="bridge", _String2="dhcpclient") returned -2 [0123.557] _wcsicmp (_String1="bridge", _String2="firewall") returned -4 [0123.557] _wcsicmp (_String1="bridge", _String2="interface") returned -7 [0123.557] _wcsicmp (_String1="bridge", _String2="lan") returned -10 [0123.557] _wcsicmp (_String1="bridge", _String2="ras") returned -16 [0123.557] _wcsicmp (_String1="bridge", _String2="advfirewall") returned 1 [0123.557] _wcsicmp (_String1="bridge", _String2="dhcpclient") returned -2 [0123.557] GetProcessHeap () returned 0xad0000 [0123.557] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1f8) returned 0xafb618 [0123.557] memcpy (in: _Dst=0xafb618, _Src=0xafb8b0, _Size=0x48 | out: _Dst=0xafb618) returned 0xafb618 [0123.557] memcpy (in: _Dst=0xafb660, _Src=0x187690, _Size=0x48 | out: _Dst=0xafb660) returned 0xafb660 [0123.557] memcpy (in: _Dst=0xafb6a8, _Src=0xafb8f8, _Size=0x168 | out: _Dst=0xafb6a8) returned 0xafb6a8 [0123.557] GetProcessHeap () returned 0xad0000 [0123.558] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb8b0) returned 1 [0123.558] RegisterContext () returned 0x0 [0123.558] _wcsicmp (_String1="netio", _String2="advfirewall") returned 13 [0123.558] _wcsicmp (_String1="netio", _String2="bridge") returned 12 [0123.558] _wcsicmp (_String1="netio", _String2="dhcpclient") returned 10 [0123.558] _wcsicmp (_String1="netio", _String2="firewall") returned 8 [0123.558] _wcsicmp (_String1="netio", _String2="interface") returned 5 [0123.558] _wcsicmp (_String1="netio", _String2="lan") returned 2 [0123.558] _wcsicmp (_String1="netio", _String2="ras") returned -4 [0123.558] _wcsicmp (_String1="netio", _String2="advfirewall") returned 13 [0123.558] _wcsicmp (_String1="netio", _String2="bridge") returned 12 [0123.558] _wcsicmp (_String1="netio", _String2="dhcpclient") returned 10 [0123.558] _wcsicmp (_String1="netio", _String2="firewall") returned 8 [0123.558] _wcsicmp (_String1="netio", _String2="interface") returned 5 [0123.558] _wcsicmp (_String1="netio", _String2="lan") returned 2 [0123.558] _wcsicmp (_String1="netio", _String2="ras") returned -4 [0123.558] GetProcessHeap () returned 0xad0000 [0123.558] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x240) returned 0xafb818 [0123.558] memcpy (in: _Dst=0xafb818, _Src=0xafb618, _Size=0x1b0 | out: _Dst=0xafb818) returned 0xafb818 [0123.559] memcpy (in: _Dst=0xafb9c8, _Src=0x18768c, _Size=0x48 | out: _Dst=0xafb9c8) returned 0xafb9c8 [0123.559] memcpy (in: _Dst=0xafba10, _Src=0xafb7c8, _Size=0x48 | out: _Dst=0xafba10) returned 0xafba10 [0123.559] GetProcessHeap () returned 0xad0000 [0123.559] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb618) returned 1 [0123.559] RegisterContext () returned 0x0 [0123.559] _wcsicmp (_String1="dnsclient", _String2="advfirewall") returned 3 [0123.559] _wcsicmp (_String1="dnsclient", _String2="bridge") returned 2 [0123.559] _wcsicmp (_String1="dnsclient", _String2="dhcpclient") returned 6 [0123.559] _wcsicmp (_String1="dnsclient", _String2="firewall") returned -2 [0123.559] _wcsicmp (_String1="dnsclient", _String2="interface") returned -5 [0123.559] _wcsicmp (_String1="dnsclient", _String2="lan") returned -8 [0123.559] _wcsicmp (_String1="dnsclient", _String2="netio") returned -10 [0123.559] _wcsicmp (_String1="dnsclient", _String2="ras") returned -14 [0123.560] _wcsicmp (_String1="dnsclient", _String2="advfirewall") returned 3 [0123.560] _wcsicmp (_String1="dnsclient", _String2="bridge") returned 2 [0123.560] _wcsicmp (_String1="dnsclient", _String2="dhcpclient") returned 6 [0123.560] _wcsicmp (_String1="dnsclient", _String2="firewall") returned -2 [0123.560] GetProcessHeap () returned 0xad0000 [0123.560] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x288) returned 0xafba60 [0123.560] memcpy (in: _Dst=0xafba60, _Src=0xafb818, _Size=0xd8 | out: _Dst=0xafba60) returned 0xafba60 [0123.560] memcpy (in: _Dst=0xafbb38, _Src=0x18768c, _Size=0x48 | out: _Dst=0xafbb38) returned 0xafbb38 [0123.560] memcpy (in: _Dst=0xafbb80, _Src=0xafb8f0, _Size=0x168 | out: _Dst=0xafbb80) returned 0xafbb80 [0123.560] GetProcessHeap () returned 0xad0000 [0123.560] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb818) returned 1 [0123.560] RegisterContext () returned 0x0 [0123.560] _wcsicmp (_String1="namespace", _String2="advfirewall") returned 13 [0123.561] _wcsicmp (_String1="namespace", _String2="bridge") returned 12 [0123.561] _wcsicmp (_String1="namespace", _String2="dhcpclient") returned 10 [0123.561] _wcsicmp (_String1="namespace", _String2="dnsclient") returned 10 [0123.561] _wcsicmp (_String1="namespace", _String2="firewall") returned 8 [0123.561] _wcsicmp (_String1="namespace", _String2="interface") returned 5 [0123.561] _wcsicmp (_String1="namespace", _String2="lan") returned 2 [0123.561] _wcsicmp (_String1="namespace", _String2="netio") returned -4 [0123.561] _wcsicmp (_String1="namespace", _String2="ras") returned -4 [0123.561] _wcsicmp (_String1="namespace", _String2="advfirewall") returned 13 [0123.561] _wcsicmp (_String1="namespace", _String2="bridge") returned 12 [0123.561] _wcsicmp (_String1="namespace", _String2="dhcpclient") returned 10 [0123.561] _wcsicmp (_String1="namespace", _String2="dnsclient") returned 10 [0123.561] _wcsicmp (_String1="namespace", _String2="firewall") returned 8 [0123.561] _wcsicmp (_String1="namespace", _String2="interface") returned 5 [0123.561] _wcsicmp (_String1="namespace", _String2="lan") returned 2 [0123.561] _wcsicmp (_String1="namespace", _String2="netio") returned -4 [0123.561] GetProcessHeap () returned 0xad0000 [0123.561] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x2d0) returned 0xafb618 [0123.561] memcpy (in: _Dst=0xafb618, _Src=0xafba60, _Size=0x1f8 | out: _Dst=0xafb618) returned 0xafb618 [0123.561] memcpy (in: _Dst=0xafb810, _Src=0x18768c, _Size=0x48 | out: _Dst=0xafb810) returned 0xafb810 [0123.561] memcpy (in: _Dst=0xafb858, _Src=0xafbc58, _Size=0x90 | out: _Dst=0xafb858) returned 0xafb858 [0123.561] GetProcessHeap () returned 0xad0000 [0123.562] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafba60) returned 1 [0123.562] RegisterContext () returned 0x0 [0123.562] GetProcessHeap () returned 0xad0000 [0123.562] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae56b0 [0123.562] memcpy (in: _Dst=0xae56b0, _Src=0x18768c, _Size=0x48 | out: _Dst=0xae56b0) returned 0xae56b0 [0123.562] GetProcessHeap () returned 0xad0000 [0123.562] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.562] RegisterContext () returned 0x0 [0123.562] _wcsicmp (_String1="ipv6", _String2="ipv4") returned 2 [0123.562] _wcsicmp (_String1="ipv6", _String2="ipv4") returned 2 [0123.562] GetProcessHeap () returned 0xad0000 [0123.562] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf75d0 [0123.562] memcpy (in: _Dst=0xaf75d0, _Src=0xae56b0, _Size=0x48 | out: _Dst=0xaf75d0) returned 0xaf75d0 [0123.562] memcpy (in: _Dst=0xaf7618, _Src=0x18768c, _Size=0x48 | out: _Dst=0xaf7618) returned 0xaf7618 [0123.562] GetProcessHeap () returned 0xad0000 [0123.563] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae56b0) returned 1 [0123.563] RegisterContext () returned 0x0 [0123.563] _wcsicmp (_String1="6to4", _String2="ipv4") returned -51 [0123.563] _wcsicmp (_String1="6to4", _String2="ipv6") returned -51 [0123.563] _wcsicmp (_String1="6to4", _String2="ipv4") returned -51 [0123.563] GetProcessHeap () returned 0xad0000 [0123.563] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xafb410 [0123.563] memcpy (in: _Dst=0xafb410, _Src=0x187660, _Size=0x48 | out: _Dst=0xafb410) returned 0xafb410 [0123.563] memcpy (in: _Dst=0xafb458, _Src=0xaf75d0, _Size=0x90 | out: _Dst=0xafb458) returned 0xafb458 [0123.563] GetProcessHeap () returned 0xad0000 [0123.564] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf75d0) returned 1 [0123.564] RegisterContext () returned 0x0 [0123.564] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0123.564] _wcsicmp (_String1="isatap", _String2="ipv4") returned 3 [0123.564] _wcsicmp (_String1="isatap", _String2="ipv6") returned 3 [0123.564] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0123.564] _wcsicmp (_String1="isatap", _String2="ipv4") returned 3 [0123.564] _wcsicmp (_String1="isatap", _String2="ipv6") returned 3 [0123.564] GetProcessHeap () returned 0xad0000 [0123.564] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x120) returned 0xafb8f0 [0123.564] memcpy (in: _Dst=0xafb8f0, _Src=0xafb410, _Size=0xd8 | out: _Dst=0xafb8f0) returned 0xafb8f0 [0123.564] memcpy (in: _Dst=0xafb9c8, _Src=0x187660, _Size=0x48 | out: _Dst=0xafb9c8) returned 0xafb9c8 [0123.564] GetProcessHeap () returned 0xad0000 [0123.565] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb410) returned 1 [0123.565] RegisterContext () returned 0x0 [0123.565] _wcsicmp (_String1="teredo", _String2="6to4") returned 62 [0123.565] _wcsicmp (_String1="teredo", _String2="ipv4") returned 11 [0123.565] _wcsicmp (_String1="teredo", _String2="ipv6") returned 11 [0123.565] _wcsicmp (_String1="teredo", _String2="isatap") returned 11 [0123.565] _wcsicmp (_String1="teredo", _String2="6to4") returned 62 [0123.565] _wcsicmp (_String1="teredo", _String2="ipv4") returned 11 [0123.565] _wcsicmp (_String1="teredo", _String2="ipv6") returned 11 [0123.565] _wcsicmp (_String1="teredo", _String2="isatap") returned 11 [0123.565] GetProcessHeap () returned 0xad0000 [0123.565] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x168) returned 0xafba18 [0123.565] memcpy (in: _Dst=0xafba18, _Src=0xafb8f0, _Size=0x120 | out: _Dst=0xafba18) returned 0xafba18 [0123.565] memcpy (in: _Dst=0xafbb38, _Src=0x187670, _Size=0x48 | out: _Dst=0xafbb38) returned 0xafbb38 [0123.565] GetProcessHeap () returned 0xad0000 [0123.566] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb8f0) returned 1 [0123.566] RegisterContext () returned 0x0 [0123.566] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0123.566] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0123.566] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0123.566] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0123.567] _wcsicmp (_String1="portproxy", _String2="teredo") returned -4 [0123.567] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0123.567] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0123.567] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0123.567] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0123.567] _wcsicmp (_String1="portproxy", _String2="teredo") returned -4 [0123.567] GetProcessHeap () returned 0xad0000 [0123.567] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1b0) returned 0xafbb88 [0123.567] memcpy (in: _Dst=0xafbb88, _Src=0xafba18, _Size=0x120 | out: _Dst=0xafbb88) returned 0xafbb88 [0123.567] memcpy (in: _Dst=0xafbca8, _Src=0x187660, _Size=0x48 | out: _Dst=0xafbca8) returned 0xafbca8 [0123.567] memcpy (in: _Dst=0xafbcf0, _Src=0xafbb38, _Size=0x48 | out: _Dst=0xafbcf0) returned 0xafbcf0 [0123.567] GetProcessHeap () returned 0xad0000 [0123.568] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafba18) returned 1 [0123.578] RegisterContext () returned 0x0 [0123.578] GetProcessHeap () returned 0xad0000 [0123.578] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae56b0 [0123.578] memcpy (in: _Dst=0xae56b0, _Src=0x187660, _Size=0x48 | out: _Dst=0xae56b0) returned 0xae56b0 [0123.578] GetProcessHeap () returned 0xad0000 [0123.578] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.578] RegisterContext () returned 0x0 [0123.578] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0123.578] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0123.578] GetProcessHeap () returned 0xad0000 [0123.578] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf74a0 [0123.578] memcpy (in: _Dst=0xaf74a0, _Src=0xae56b0, _Size=0x48 | out: _Dst=0xaf74a0) returned 0xaf74a0 [0123.578] memcpy (in: _Dst=0xaf74e8, _Src=0x187660, _Size=0x48 | out: _Dst=0xaf74e8) returned 0xaf74e8 [0123.578] GetProcessHeap () returned 0xad0000 [0123.579] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae56b0) returned 1 [0123.579] RegisterContext () returned 0x0 [0123.579] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0123.579] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0123.579] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0123.579] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0123.579] _wcsicmp (_String1="portproxy", _String2="portproxy") returned 0 [0123.579] memcpy (in: _Dst=0xafbca8, _Src=0x187660, _Size=0x48 | out: _Dst=0xafbca8) returned 0xafbca8 [0123.580] RegisterContext () returned 0x0 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="6to4") returned 50 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="ipv4") returned -1 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="ipv6") returned -1 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="isatap") returned -1 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="portproxy") returned -8 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="teredo") returned -12 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="6to4") returned 50 [0123.580] _wcsicmp (_String1="httpstunnel", _String2="ipv4") returned -1 [0123.580] GetProcessHeap () returned 0xad0000 [0123.580] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1f8) returned 0xafb8f0 [0123.580] memcpy (in: _Dst=0xafb8f0, _Src=0xafbb88, _Size=0x48 | out: _Dst=0xafb8f0) returned 0xafb8f0 [0123.580] memcpy (in: _Dst=0xafb938, _Src=0x18768c, _Size=0x48 | out: _Dst=0xafb938) returned 0xafb938 [0123.580] memcpy (in: _Dst=0xafb980, _Src=0xafbbd0, _Size=0x168 | out: _Dst=0xafb980) returned 0xafb980 [0123.580] GetProcessHeap () returned 0xad0000 [0123.581] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafbb88) returned 1 [0123.582] RegisterContext () returned 0x0 [0123.582] _wcsicmp (_String1="tcp", _String2="6to4") returned 62 [0123.582] _wcsicmp (_String1="tcp", _String2="httpstunnel") returned 12 [0123.582] _wcsicmp (_String1="tcp", _String2="ipv4") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="ipv6") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="isatap") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="portproxy") returned 4 [0123.582] _wcsicmp (_String1="tcp", _String2="teredo") returned -2 [0123.582] _wcsicmp (_String1="tcp", _String2="6to4") returned 62 [0123.582] _wcsicmp (_String1="tcp", _String2="httpstunnel") returned 12 [0123.582] _wcsicmp (_String1="tcp", _String2="ipv4") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="ipv6") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="isatap") returned 11 [0123.582] _wcsicmp (_String1="tcp", _String2="portproxy") returned 4 [0123.582] _wcsicmp (_String1="tcp", _String2="teredo") returned -2 [0123.582] GetProcessHeap () returned 0xad0000 [0123.583] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x240) returned 0xafbaf0 [0123.583] memcpy (in: _Dst=0xafbaf0, _Src=0xafb8f0, _Size=0x1b0 | out: _Dst=0xafbaf0) returned 0xafbaf0 [0123.583] memcpy (in: _Dst=0xafbca0, _Src=0x18768c, _Size=0x48 | out: _Dst=0xafbca0) returned 0xafbca0 [0123.583] memcpy (in: _Dst=0xafbce8, _Src=0xafbaa0, _Size=0x48 | out: _Dst=0xafbce8) returned 0xafbce8 [0123.583] GetProcessHeap () returned 0xad0000 [0123.584] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb8f0) returned 1 [0123.584] RegisterContext () returned 0x0 [0123.584] _wcsicmp (_String1="http", _String2="advfirewall") returned 7 [0123.584] _wcsicmp (_String1="http", _String2="bridge") returned 6 [0123.584] _wcsicmp (_String1="http", _String2="dhcpclient") returned 4 [0123.584] _wcsicmp (_String1="http", _String2="dnsclient") returned 4 [0123.584] _wcsicmp (_String1="http", _String2="firewall") returned 2 [0123.584] _wcsicmp (_String1="http", _String2="interface") returned -1 [0123.585] _wcsicmp (_String1="http", _String2="lan") returned -4 [0123.585] _wcsicmp (_String1="http", _String2="namespace") returned -6 [0123.585] _wcsicmp (_String1="http", _String2="netio") returned -6 [0123.585] _wcsicmp (_String1="http", _String2="ras") returned -10 [0123.585] _wcsicmp (_String1="http", _String2="advfirewall") returned 7 [0123.585] _wcsicmp (_String1="http", _String2="bridge") returned 6 [0123.585] _wcsicmp (_String1="http", _String2="dhcpclient") returned 4 [0123.585] _wcsicmp (_String1="http", _String2="dnsclient") returned 4 [0123.585] _wcsicmp (_String1="http", _String2="firewall") returned 2 [0123.585] _wcsicmp (_String1="http", _String2="interface") returned -1 [0123.585] GetProcessHeap () returned 0xad0000 [0123.585] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x318) returned 0xaf9420 [0123.585] memcpy (in: _Dst=0xaf9420, _Src=0xafb618, _Size=0x168 | out: _Dst=0xaf9420) returned 0xaf9420 [0123.585] memcpy (in: _Dst=0xaf9588, _Src=0x18768c, _Size=0x48 | out: _Dst=0xaf9588) returned 0xaf9588 [0123.585] memcpy (in: _Dst=0xaf95d0, _Src=0xafb780, _Size=0x168 | out: _Dst=0xaf95d0) returned 0xaf95d0 [0123.585] GetProcessHeap () returned 0xad0000 [0123.586] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb618) returned 1 [0123.588] RegisterContext () returned 0x0 [0123.588] _wcsicmp (_String1="ipsec", _String2="advfirewall") returned 8 [0123.588] _wcsicmp (_String1="ipsec", _String2="bridge") returned 7 [0123.588] _wcsicmp (_String1="ipsec", _String2="dhcpclient") returned 5 [0123.588] _wcsicmp (_String1="ipsec", _String2="dnsclient") returned 5 [0123.588] _wcsicmp (_String1="ipsec", _String2="firewall") returned 3 [0123.588] _wcsicmp (_String1="ipsec", _String2="http") returned 1 [0123.588] _wcsicmp (_String1="ipsec", _String2="interface") returned 2 [0123.588] _wcsicmp (_String1="ipsec", _String2="lan") returned -3 [0123.588] _wcsicmp (_String1="ipsec", _String2="namespace") returned -5 [0123.588] _wcsicmp (_String1="ipsec", _String2="netio") returned -5 [0123.588] _wcsicmp (_String1="ipsec", _String2="ras") returned -9 [0123.588] _wcsicmp (_String1="ipsec", _String2="advfirewall") returned 8 [0123.588] _wcsicmp (_String1="ipsec", _String2="bridge") returned 7 [0123.588] _wcsicmp (_String1="ipsec", _String2="dhcpclient") returned 5 [0123.588] _wcsicmp (_String1="ipsec", _String2="dnsclient") returned 5 [0123.588] _wcsicmp (_String1="ipsec", _String2="firewall") returned 3 [0123.588] _wcsicmp (_String1="ipsec", _String2="http") returned 1 [0123.589] _wcsicmp (_String1="ipsec", _String2="interface") returned 2 [0123.589] _wcsicmp (_String1="ipsec", _String2="lan") returned -3 [0123.589] GetProcessHeap () returned 0xad0000 [0123.589] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x360) returned 0xafb618 [0123.589] memcpy (in: _Dst=0xafb618, _Src=0xaf9420, _Size=0x1f8 | out: _Dst=0xafb618) returned 0xafb618 [0123.589] memcpy (in: _Dst=0xafb810, _Src=0x187688, _Size=0x48 | out: _Dst=0xafb810) returned 0xafb810 [0123.589] memcpy (in: _Dst=0xafb858, _Src=0xaf9618, _Size=0x120 | out: _Dst=0xafb858) returned 0xafb858 [0123.589] GetProcessHeap () returned 0xad0000 [0123.590] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9420) returned 1 [0123.590] RegisterContext () returned 0x0 [0123.590] GetProcessHeap () returned 0xad0000 [0123.590] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae5a70 [0123.590] memcpy (in: _Dst=0xae5a70, _Src=0x187688, _Size=0x48 | out: _Dst=0xae5a70) returned 0xae5a70 [0123.590] GetProcessHeap () returned 0xad0000 [0123.590] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.590] RegisterContext () returned 0x0 [0123.590] _wcsicmp (_String1="dynamic", _String2="static") returned -15 [0123.590] _wcsicmp (_String1="dynamic", _String2="static") returned -15 [0123.590] GetProcessHeap () returned 0xad0000 [0123.590] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf6958 [0123.590] memcpy (in: _Dst=0xaf6958, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf6958) returned 0xaf6958 [0123.590] memcpy (in: _Dst=0xaf69a0, _Src=0xae5a70, _Size=0x48 | out: _Dst=0xaf69a0) returned 0xaf69a0 [0123.591] GetProcessHeap () returned 0xad0000 [0123.591] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae5a70) returned 1 [0123.591] RegisterContext () returned 0x0 [0123.592] _wcsicmp (_String1="static", _String2="dynamic") returned 15 [0123.592] _wcsicmp (_String1="static", _String2="static") returned 0 [0123.592] memcpy (in: _Dst=0xaf69a0, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf69a0) returned 0xaf69a0 [0123.592] RegisterContext () returned 0x0 [0123.592] _wcsicmp (_String1="dynamic", _String2="dynamic") returned 0 [0123.592] memcpy (in: _Dst=0xaf6958, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf6958) returned 0xaf6958 [0123.592] RegisterContext () returned 0x0 [0123.592] _wcsicmp (_String1="wfp", _String2="advfirewall") returned 22 [0123.592] _wcsicmp (_String1="wfp", _String2="bridge") returned 21 [0123.592] _wcsicmp (_String1="wfp", _String2="dhcpclient") returned 19 [0123.592] _wcsicmp (_String1="wfp", _String2="dnsclient") returned 19 [0123.592] _wcsicmp (_String1="wfp", _String2="firewall") returned 17 [0123.592] _wcsicmp (_String1="wfp", _String2="http") returned 15 [0123.592] _wcsicmp (_String1="wfp", _String2="interface") returned 14 [0123.592] _wcsicmp (_String1="wfp", _String2="ipsec") returned 14 [0123.592] _wcsicmp (_String1="wfp", _String2="lan") returned 11 [0123.592] _wcsicmp (_String1="wfp", _String2="namespace") returned 9 [0123.592] _wcsicmp (_String1="wfp", _String2="netio") returned 9 [0123.592] _wcsicmp (_String1="wfp", _String2="ras") returned 5 [0123.592] _wcsicmp (_String1="wfp", _String2="advfirewall") returned 22 [0123.592] _wcsicmp (_String1="wfp", _String2="bridge") returned 21 [0123.593] _wcsicmp (_String1="wfp", _String2="dhcpclient") returned 19 [0123.593] _wcsicmp (_String1="wfp", _String2="dnsclient") returned 19 [0123.593] _wcsicmp (_String1="wfp", _String2="firewall") returned 17 [0123.593] _wcsicmp (_String1="wfp", _String2="http") returned 15 [0123.593] _wcsicmp (_String1="wfp", _String2="interface") returned 14 [0123.593] _wcsicmp (_String1="wfp", _String2="ipsec") returned 14 [0123.593] _wcsicmp (_String1="wfp", _String2="lan") returned 11 [0123.593] _wcsicmp (_String1="wfp", _String2="namespace") returned 9 [0123.593] _wcsicmp (_String1="wfp", _String2="netio") returned 9 [0123.593] _wcsicmp (_String1="wfp", _String2="ras") returned 5 [0123.593] GetProcessHeap () returned 0xad0000 [0123.593] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3a8) returned 0xaf9598 [0123.593] memcpy (in: _Dst=0xaf9598, _Src=0xafb618, _Size=0x360 | out: _Dst=0xaf9598) returned 0xaf9598 [0123.593] memcpy (in: _Dst=0xaf98f8, _Src=0x187678, _Size=0x48 | out: _Dst=0xaf98f8) returned 0xaf98f8 [0123.593] GetProcessHeap () returned 0xad0000 [0123.594] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb618) returned 1 [0123.597] RegisterContext () returned 0x0 [0123.597] _wcsicmp (_String1="p2p", _String2="advfirewall") returned 15 [0123.597] _wcsicmp (_String1="p2p", _String2="bridge") returned 14 [0123.597] _wcsicmp (_String1="p2p", _String2="dhcpclient") returned 12 [0123.597] _wcsicmp (_String1="p2p", _String2="dnsclient") returned 12 [0123.597] _wcsicmp (_String1="p2p", _String2="firewall") returned 10 [0123.597] _wcsicmp (_String1="p2p", _String2="http") returned 8 [0123.597] _wcsicmp (_String1="p2p", _String2="interface") returned 7 [0123.597] _wcsicmp (_String1="p2p", _String2="ipsec") returned 7 [0123.597] _wcsicmp (_String1="p2p", _String2="lan") returned 4 [0123.597] _wcsicmp (_String1="p2p", _String2="namespace") returned 2 [0123.597] _wcsicmp (_String1="p2p", _String2="netio") returned 2 [0123.597] _wcsicmp (_String1="p2p", _String2="ras") returned -2 [0123.598] _wcsicmp (_String1="p2p", _String2="wfp") returned -7 [0123.598] _wcsicmp (_String1="p2p", _String2="advfirewall") returned 15 [0123.598] _wcsicmp (_String1="p2p", _String2="bridge") returned 14 [0123.598] _wcsicmp (_String1="p2p", _String2="dhcpclient") returned 12 [0123.598] _wcsicmp (_String1="p2p", _String2="dnsclient") returned 12 [0123.598] _wcsicmp (_String1="p2p", _String2="firewall") returned 10 [0123.598] _wcsicmp (_String1="p2p", _String2="http") returned 8 [0123.598] _wcsicmp (_String1="p2p", _String2="interface") returned 7 [0123.598] _wcsicmp (_String1="p2p", _String2="ipsec") returned 7 [0123.598] _wcsicmp (_String1="p2p", _String2="lan") returned 4 [0123.598] _wcsicmp (_String1="p2p", _String2="namespace") returned 2 [0123.598] _wcsicmp (_String1="p2p", _String2="netio") returned 2 [0123.598] _wcsicmp (_String1="p2p", _String2="ras") returned -2 [0123.598] GetProcessHeap () returned 0xad0000 [0123.598] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3f0) returned 0xafb618 [0123.598] memcpy (in: _Dst=0xafb618, _Src=0xaf9598, _Size=0x318 | out: _Dst=0xafb618) returned 0xafb618 [0123.598] memcpy (in: _Dst=0xafb930, _Src=0x1874f8, _Size=0x48 | out: _Dst=0xafb930) returned 0xafb930 [0123.598] memcpy (in: _Dst=0xafb978, _Src=0xaf98b0, _Size=0x90 | out: _Dst=0xafb978) returned 0xafb978 [0123.598] GetProcessHeap () returned 0xad0000 [0123.599] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9598) returned 1 [0123.601] RegisterContext () returned 0x0 [0123.601] GetProcessHeap () returned 0xad0000 [0123.601] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae56b0 [0123.601] memcpy (in: _Dst=0xae56b0, _Src=0x187688, _Size=0x48 | out: _Dst=0xae56b0) returned 0xae56b0 [0123.601] GetProcessHeap () returned 0xad0000 [0123.601] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.606] RegisterContext () returned 0x0 [0123.606] _wcsicmp (_String1="group", _String2="pnrp") returned -9 [0123.606] _wcsicmp (_String1="group", _String2="pnrp") returned -9 [0123.606] GetProcessHeap () returned 0xad0000 [0123.606] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf7538 [0123.606] memcpy (in: _Dst=0xaf7538, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf7538) returned 0xaf7538 [0123.606] memcpy (in: _Dst=0xaf7580, _Src=0xae56b0, _Size=0x48 | out: _Dst=0xaf7580) returned 0xaf7580 [0123.606] GetProcessHeap () returned 0xad0000 [0123.607] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae56b0) returned 1 [0123.608] RegisterContext () returned 0x0 [0123.608] _wcsicmp (_String1="idmgr", _String2="group") returned 2 [0123.608] _wcsicmp (_String1="idmgr", _String2="pnrp") returned -7 [0123.608] _wcsicmp (_String1="idmgr", _String2="group") returned 2 [0123.608] _wcsicmp (_String1="idmgr", _String2="pnrp") returned -7 [0123.608] GetProcessHeap () returned 0xad0000 [0123.608] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xafba10 [0123.608] memcpy (in: _Dst=0xafba10, _Src=0xaf7538, _Size=0x48 | out: _Dst=0xafba10) returned 0xafba10 [0123.608] memcpy (in: _Dst=0xafba58, _Src=0x187688, _Size=0x48 | out: _Dst=0xafba58) returned 0xafba58 [0123.608] memcpy (in: _Dst=0xafbaa0, _Src=0xaf7580, _Size=0x48 | out: _Dst=0xafbaa0) returned 0xafbaa0 [0123.608] GetProcessHeap () returned 0xad0000 [0123.609] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf7538) returned 1 [0123.609] RegisterContext () returned 0x0 [0123.609] GetProcessHeap () returned 0xad0000 [0123.609] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae5390 [0123.609] memcpy (in: _Dst=0xae5390, _Src=0x187688, _Size=0x48 | out: _Dst=0xae5390) returned 0xae5390 [0123.609] GetProcessHeap () returned 0xad0000 [0123.609] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.609] RegisterContext () returned 0x0 [0123.609] _wcsicmp (_String1="diagnostics", _String2="cloud") returned 1 [0123.610] _wcsicmp (_String1="diagnostics", _String2="cloud") returned 1 [0123.610] GetProcessHeap () returned 0xad0000 [0123.610] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x90) returned 0xaf71a8 [0123.610] memcpy (in: _Dst=0xaf71a8, _Src=0xae5390, _Size=0x48 | out: _Dst=0xaf71a8) returned 0xaf71a8 [0123.610] memcpy (in: _Dst=0xaf71f0, _Src=0x187688, _Size=0x48 | out: _Dst=0xaf71f0) returned 0xaf71f0 [0123.610] GetProcessHeap () returned 0xad0000 [0123.611] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae5390) returned 1 [0123.611] RegisterContext () returned 0x0 [0123.611] _wcsicmp (_String1="peer", _String2="cloud") returned 13 [0123.611] _wcsicmp (_String1="peer", _String2="diagnostics") returned 12 [0123.611] _wcsicmp (_String1="peer", _String2="cloud") returned 13 [0123.611] _wcsicmp (_String1="peer", _String2="diagnostics") returned 12 [0123.611] GetProcessHeap () returned 0xad0000 [0123.611] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd8) returned 0xafb410 [0123.611] memcpy (in: _Dst=0xafb410, _Src=0xaf71a8, _Size=0x90 | out: _Dst=0xafb410) returned 0xafb410 [0123.611] memcpy (in: _Dst=0xafb4a0, _Src=0x187688, _Size=0x48 | out: _Dst=0xafb4a0) returned 0xafb4a0 [0123.611] GetProcessHeap () returned 0xad0000 [0123.612] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf71a8) returned 1 [0123.612] RegisterContext () returned 0x0 [0123.612] GetProcessHeap () returned 0xad0000 [0123.612] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae5a20 [0123.612] memcpy (in: _Dst=0xae5a20, _Src=0x187688, _Size=0x48 | out: _Dst=0xae5a20) returned 0xae5a20 [0123.612] GetProcessHeap () returned 0xad0000 [0123.612] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.612] RegisterContext () returned 0x0 [0123.613] _wcsicmp (_String1="rpc", _String2="advfirewall") returned 17 [0123.613] _wcsicmp (_String1="rpc", _String2="bridge") returned 16 [0123.613] _wcsicmp (_String1="rpc", _String2="dhcpclient") returned 14 [0123.613] _wcsicmp (_String1="rpc", _String2="dnsclient") returned 14 [0123.613] _wcsicmp (_String1="rpc", _String2="firewall") returned 12 [0123.613] _wcsicmp (_String1="rpc", _String2="http") returned 10 [0123.613] _wcsicmp (_String1="rpc", _String2="interface") returned 9 [0123.613] _wcsicmp (_String1="rpc", _String2="ipsec") returned 9 [0123.613] _wcsicmp (_String1="rpc", _String2="lan") returned 6 [0123.613] _wcsicmp (_String1="rpc", _String2="namespace") returned 4 [0123.613] _wcsicmp (_String1="rpc", _String2="netio") returned 4 [0123.613] _wcsicmp (_String1="rpc", _String2="p2p") returned 2 [0123.613] _wcsicmp (_String1="rpc", _String2="ras") returned 15 [0123.613] _wcsicmp (_String1="rpc", _String2="wfp") returned -5 [0123.613] _wcsicmp (_String1="rpc", _String2="advfirewall") returned 17 [0123.613] _wcsicmp (_String1="rpc", _String2="bridge") returned 16 [0123.613] _wcsicmp (_String1="rpc", _String2="dhcpclient") returned 14 [0123.613] _wcsicmp (_String1="rpc", _String2="dnsclient") returned 14 [0123.613] _wcsicmp (_String1="rpc", _String2="firewall") returned 12 [0123.613] _wcsicmp (_String1="rpc", _String2="http") returned 10 [0123.613] _wcsicmp (_String1="rpc", _String2="interface") returned 9 [0123.613] _wcsicmp (_String1="rpc", _String2="ipsec") returned 9 [0123.614] _wcsicmp (_String1="rpc", _String2="lan") returned 6 [0123.614] _wcsicmp (_String1="rpc", _String2="namespace") returned 4 [0123.614] _wcsicmp (_String1="rpc", _String2="netio") returned 4 [0123.614] _wcsicmp (_String1="rpc", _String2="p2p") returned 2 [0123.614] _wcsicmp (_String1="rpc", _String2="ras") returned 15 [0123.614] _wcsicmp (_String1="rpc", _String2="wfp") returned -5 [0123.614] GetProcessHeap () returned 0xad0000 [0123.614] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x438) returned 0xaf9598 [0123.614] memcpy (in: _Dst=0xaf9598, _Src=0xafb618, _Size=0x3a8 | out: _Dst=0xaf9598) returned 0xaf9598 [0123.614] memcpy (in: _Dst=0xaf9940, _Src=0x187690, _Size=0x48 | out: _Dst=0xaf9940) returned 0xaf9940 [0123.614] memcpy (in: _Dst=0xaf9988, _Src=0xafb9c0, _Size=0x48 | out: _Dst=0xaf9988) returned 0xaf9988 [0123.614] GetProcessHeap () returned 0xad0000 [0123.615] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafb618) returned 1 [0123.616] RegisterContext () returned 0x0 [0123.616] GetProcessHeap () returned 0xad0000 [0123.616] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae56b0 [0123.617] memcpy (in: _Dst=0xae56b0, _Src=0x187690, _Size=0x48 | out: _Dst=0xae56b0) returned 0xae56b0 [0123.617] GetProcessHeap () returned 0xad0000 [0123.617] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.617] RegisterContext () returned 0x0 [0123.617] _wcsicmp (_String1="winhttp", _String2="advfirewall") returned 22 [0123.617] _wcsicmp (_String1="winhttp", _String2="bridge") returned 21 [0123.617] _wcsicmp (_String1="winhttp", _String2="dhcpclient") returned 19 [0123.617] _wcsicmp (_String1="winhttp", _String2="dnsclient") returned 19 [0123.617] _wcsicmp (_String1="winhttp", _String2="firewall") returned 17 [0123.617] _wcsicmp (_String1="winhttp", _String2="http") returned 15 [0123.617] _wcsicmp (_String1="winhttp", _String2="interface") returned 14 [0123.617] _wcsicmp (_String1="winhttp", _String2="ipsec") returned 14 [0123.617] _wcsicmp (_String1="winhttp", _String2="lan") returned 11 [0123.617] _wcsicmp (_String1="winhttp", _String2="namespace") returned 9 [0123.617] _wcsicmp (_String1="winhttp", _String2="netio") returned 9 [0123.617] _wcsicmp (_String1="winhttp", _String2="p2p") returned 7 [0123.617] _wcsicmp (_String1="winhttp", _String2="ras") returned 5 [0123.617] _wcsicmp (_String1="winhttp", _String2="rpc") returned 5 [0123.617] _wcsicmp (_String1="winhttp", _String2="wfp") returned 3 [0123.617] _wcsicmp (_String1="winhttp", _String2="advfirewall") returned 22 [0123.618] _wcsicmp (_String1="winhttp", _String2="bridge") returned 21 [0123.618] _wcsicmp (_String1="winhttp", _String2="dhcpclient") returned 19 [0123.618] _wcsicmp (_String1="winhttp", _String2="dnsclient") returned 19 [0123.618] _wcsicmp (_String1="winhttp", _String2="firewall") returned 17 [0123.618] _wcsicmp (_String1="winhttp", _String2="http") returned 15 [0123.618] _wcsicmp (_String1="winhttp", _String2="interface") returned 14 [0123.618] _wcsicmp (_String1="winhttp", _String2="ipsec") returned 14 [0123.618] _wcsicmp (_String1="winhttp", _String2="lan") returned 11 [0123.618] _wcsicmp (_String1="winhttp", _String2="namespace") returned 9 [0123.618] _wcsicmp (_String1="winhttp", _String2="netio") returned 9 [0123.618] _wcsicmp (_String1="winhttp", _String2="p2p") returned 7 [0123.618] _wcsicmp (_String1="winhttp", _String2="ras") returned 5 [0123.618] _wcsicmp (_String1="winhttp", _String2="rpc") returned 5 [0123.618] _wcsicmp (_String1="winhttp", _String2="wfp") returned 3 [0123.618] GetProcessHeap () returned 0xad0000 [0123.618] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x480) returned 0xaf99d8 [0123.618] memcpy (in: _Dst=0xaf99d8, _Src=0xaf9598, _Size=0x438 | out: _Dst=0xaf99d8) returned 0xaf99d8 [0123.618] memcpy (in: _Dst=0xaf9e10, _Src=0x187690, _Size=0x48 | out: _Dst=0xaf9e10) returned 0xaf9e10 [0123.618] GetProcessHeap () returned 0xad0000 [0123.619] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9598) returned 1 [0123.648] RegisterContext () returned 0x0 [0123.648] _wcsicmp (_String1="wlan", _String2="advfirewall") returned 22 [0123.648] _wcsicmp (_String1="wlan", _String2="bridge") returned 21 [0123.648] _wcsicmp (_String1="wlan", _String2="dhcpclient") returned 19 [0123.648] _wcsicmp (_String1="wlan", _String2="dnsclient") returned 19 [0123.648] _wcsicmp (_String1="wlan", _String2="firewall") returned 17 [0123.648] _wcsicmp (_String1="wlan", _String2="http") returned 15 [0123.648] _wcsicmp (_String1="wlan", _String2="interface") returned 14 [0123.648] _wcsicmp (_String1="wlan", _String2="ipsec") returned 14 [0123.648] _wcsicmp (_String1="wlan", _String2="lan") returned 11 [0123.648] _wcsicmp (_String1="wlan", _String2="namespace") returned 9 [0123.648] _wcsicmp (_String1="wlan", _String2="netio") returned 9 [0123.648] _wcsicmp (_String1="wlan", _String2="p2p") returned 7 [0123.648] _wcsicmp (_String1="wlan", _String2="ras") returned 5 [0123.648] _wcsicmp (_String1="wlan", _String2="rpc") returned 5 [0123.648] _wcsicmp (_String1="wlan", _String2="wfp") returned 6 [0123.649] _wcsicmp (_String1="wlan", _String2="winhttp") returned 3 [0123.649] _wcsicmp (_String1="wlan", _String2="advfirewall") returned 22 [0123.649] _wcsicmp (_String1="wlan", _String2="bridge") returned 21 [0123.649] _wcsicmp (_String1="wlan", _String2="dhcpclient") returned 19 [0123.649] _wcsicmp (_String1="wlan", _String2="dnsclient") returned 19 [0123.649] _wcsicmp (_String1="wlan", _String2="firewall") returned 17 [0123.649] _wcsicmp (_String1="wlan", _String2="http") returned 15 [0123.649] _wcsicmp (_String1="wlan", _String2="interface") returned 14 [0123.649] _wcsicmp (_String1="wlan", _String2="ipsec") returned 14 [0123.649] _wcsicmp (_String1="wlan", _String2="lan") returned 11 [0123.649] _wcsicmp (_String1="wlan", _String2="namespace") returned 9 [0123.649] _wcsicmp (_String1="wlan", _String2="netio") returned 9 [0123.649] _wcsicmp (_String1="wlan", _String2="p2p") returned 7 [0123.649] _wcsicmp (_String1="wlan", _String2="ras") returned 5 [0123.649] _wcsicmp (_String1="wlan", _String2="rpc") returned 5 [0123.649] _wcsicmp (_String1="wlan", _String2="wfp") returned 6 [0123.649] _wcsicmp (_String1="wlan", _String2="winhttp") returned 3 [0123.649] GetProcessHeap () returned 0xad0000 [0123.649] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x4c8) returned 0xb04ae0 [0123.649] memcpy (in: _Dst=0xb04ae0, _Src=0xaf99d8, _Size=0x480 | out: _Dst=0xb04ae0) returned 0xb04ae0 [0123.649] memcpy (in: _Dst=0xb04f60, _Src=0x187690, _Size=0x48 | out: _Dst=0xb04f60) returned 0xb04f60 [0123.649] GetProcessHeap () returned 0xad0000 [0123.651] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf99d8) returned 1 [0123.651] RegisterContext () returned 0x0 [0123.651] _wcsicmp (_String1="winsock", _String2="advfirewall") returned 22 [0123.651] _wcsicmp (_String1="winsock", _String2="bridge") returned 21 [0123.651] _wcsicmp (_String1="winsock", _String2="dhcpclient") returned 19 [0123.651] _wcsicmp (_String1="winsock", _String2="dnsclient") returned 19 [0123.651] _wcsicmp (_String1="winsock", _String2="firewall") returned 17 [0123.651] _wcsicmp (_String1="winsock", _String2="http") returned 15 [0123.651] _wcsicmp (_String1="winsock", _String2="interface") returned 14 [0123.651] _wcsicmp (_String1="winsock", _String2="ipsec") returned 14 [0123.651] _wcsicmp (_String1="winsock", _String2="lan") returned 11 [0123.651] _wcsicmp (_String1="winsock", _String2="namespace") returned 9 [0123.651] _wcsicmp (_String1="winsock", _String2="netio") returned 9 [0123.651] _wcsicmp (_String1="winsock", _String2="p2p") returned 7 [0123.652] _wcsicmp (_String1="winsock", _String2="ras") returned 5 [0123.652] _wcsicmp (_String1="winsock", _String2="rpc") returned 5 [0123.652] _wcsicmp (_String1="winsock", _String2="wfp") returned 3 [0123.652] _wcsicmp (_String1="winsock", _String2="winhttp") returned 11 [0123.652] _wcsicmp (_String1="winsock", _String2="wlan") returned -3 [0123.652] _wcsicmp (_String1="winsock", _String2="advfirewall") returned 22 [0123.652] _wcsicmp (_String1="winsock", _String2="bridge") returned 21 [0123.652] _wcsicmp (_String1="winsock", _String2="dhcpclient") returned 19 [0123.652] _wcsicmp (_String1="winsock", _String2="dnsclient") returned 19 [0123.652] _wcsicmp (_String1="winsock", _String2="firewall") returned 17 [0123.652] _wcsicmp (_String1="winsock", _String2="http") returned 15 [0123.652] _wcsicmp (_String1="winsock", _String2="interface") returned 14 [0123.652] _wcsicmp (_String1="winsock", _String2="ipsec") returned 14 [0123.652] _wcsicmp (_String1="winsock", _String2="lan") returned 11 [0123.652] _wcsicmp (_String1="winsock", _String2="namespace") returned 9 [0123.652] _wcsicmp (_String1="winsock", _String2="netio") returned 9 [0123.652] _wcsicmp (_String1="winsock", _String2="p2p") returned 7 [0123.652] _wcsicmp (_String1="winsock", _String2="ras") returned 5 [0123.652] _wcsicmp (_String1="winsock", _String2="rpc") returned 5 [0123.652] _wcsicmp (_String1="winsock", _String2="wfp") returned 3 [0123.652] _wcsicmp (_String1="winsock", _String2="winhttp") returned 11 [0123.653] _wcsicmp (_String1="winsock", _String2="wlan") returned -3 [0123.653] GetProcessHeap () returned 0xad0000 [0123.653] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x510) returned 0xaf9598 [0123.653] memcpy (in: _Dst=0xaf9598, _Src=0xb04ae0, _Size=0x480 | out: _Dst=0xaf9598) returned 0xaf9598 [0123.653] memcpy (in: _Dst=0xaf9a18, _Src=0x18768c, _Size=0x48 | out: _Dst=0xaf9a18) returned 0xaf9a18 [0123.653] memcpy (in: _Dst=0xaf9a60, _Src=0xb04f60, _Size=0x48 | out: _Dst=0xaf9a60) returned 0xaf9a60 [0123.653] GetProcessHeap () returned 0xad0000 [0123.654] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xb04ae0) returned 1 [0123.744] RegisterContext () returned 0x0 [0123.744] _wcsicmp (_String1="branchcache", _String2="advfirewall") returned 1 [0123.744] _wcsicmp (_String1="branchcache", _String2="bridge") returned -8 [0123.744] _wcsicmp (_String1="branchcache", _String2="dhcpclient") returned -2 [0123.744] _wcsicmp (_String1="branchcache", _String2="dnsclient") returned -2 [0123.745] _wcsicmp (_String1="branchcache", _String2="firewall") returned -4 [0123.745] _wcsicmp (_String1="branchcache", _String2="http") returned -6 [0123.745] _wcsicmp (_String1="branchcache", _String2="interface") returned -7 [0123.745] _wcsicmp (_String1="branchcache", _String2="ipsec") returned -7 [0123.745] _wcsicmp (_String1="branchcache", _String2="lan") returned -10 [0123.745] _wcsicmp (_String1="branchcache", _String2="namespace") returned -12 [0123.745] _wcsicmp (_String1="branchcache", _String2="netio") returned -12 [0123.745] _wcsicmp (_String1="branchcache", _String2="p2p") returned -14 [0123.745] _wcsicmp (_String1="branchcache", _String2="ras") returned -16 [0123.745] _wcsicmp (_String1="branchcache", _String2="rpc") returned -16 [0123.745] _wcsicmp (_String1="branchcache", _String2="wfp") returned -21 [0123.745] _wcsicmp (_String1="branchcache", _String2="winhttp") returned -21 [0123.745] _wcsicmp (_String1="branchcache", _String2="winsock") returned -21 [0123.745] _wcsicmp (_String1="branchcache", _String2="wlan") returned -21 [0123.745] _wcsicmp (_String1="branchcache", _String2="advfirewall") returned 1 [0123.745] _wcsicmp (_String1="branchcache", _String2="bridge") returned -8 [0123.745] GetProcessHeap () returned 0xad0000 [0123.745] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x558) returned 0xb04ae0 [0123.745] memcpy (in: _Dst=0xb04ae0, _Src=0xaf9598, _Size=0x48 | out: _Dst=0xb04ae0) returned 0xb04ae0 [0123.745] memcpy (in: _Dst=0xb04b28, _Src=0x187688, _Size=0x48 | out: _Dst=0xb04b28) returned 0xb04b28 [0123.745] memcpy (in: _Dst=0xb04b70, _Src=0xaf95e0, _Size=0x4c8 | out: _Dst=0xb04b70) returned 0xb04b70 [0123.745] GetProcessHeap () returned 0xad0000 [0123.746] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9598) returned 1 [0123.746] RegisterContext () returned 0x0 [0123.746] GetProcessHeap () returned 0xad0000 [0123.746] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x48) returned 0xae5a70 [0123.746] memcpy (in: _Dst=0xae5a70, _Src=0x187688, _Size=0x48 | out: _Dst=0xae5a70) returned 0xae5a70 [0123.746] GetProcessHeap () returned 0xad0000 [0123.746] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0x0) returned 1 [0123.746] SetConsoleCtrlHandler (HandlerRoutine=0x15382a0, Add=1) returned 1 [0123.746] SetThreadUILanguage (LangId=0x0) returned 0x409 [0123.753] _wcsicmp (_String1="firewall", _String2="-?") returned 57 [0123.753] _wcsicmp (_String1="firewall", _String2="-h") returned 57 [0123.753] _wcsicmp (_String1="firewall", _String2="?") returned 39 [0123.753] _wcsicmp (_String1="firewall", _String2="/?") returned 55 [0123.753] _wcsicmp (_String1="firewall", _String2="-v") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-a") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-c") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-f") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-r") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-u") returned 57 [0123.754] _wcsicmp (_String1="firewall", _String2="-p") returned 57 [0123.754] GetVersionExW (in: lpVersionInformation=0x187604*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x187604*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0123.754] _vsnwprintf (in: _Buffer=0x1543780, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x1875f0 | out: _Buffer="10.0.10586") returned 10 [0123.754] _vsnwprintf (in: _Buffer=0x1543990, _BufferCount=0x103, _Format="%d", _ArgList=0x1875e0 | out: _Buffer="10586") returned 5 [0123.754] _vsnwprintf (in: _Buffer=0x1543ba0, _BufferCount=0x103, _Format="%d", _ArgList=0x1875d0 | out: _Buffer="0") returned 1 [0123.754] _vsnwprintf (in: _Buffer=0x1543db0, _BufferCount=0x103, _Format="%d", _ArgList=0x1875c0 | out: _Buffer="0") returned 1 [0123.754] GetProcessHeap () returned 0xad0000 [0123.754] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9120 [0123.754] GetProcessHeap () returned 0xad0000 [0123.754] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9180 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf93d8 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf93c0 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf93f0 [0123.755] wcscpy_s (in: _Destination=0xaf93f0, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf93d8) returned 1 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9180) returned 1 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9180 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9360 [0123.755] GetProcessHeap () returned 0xad0000 [0123.755] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc4) returned 0xb049e8 [0123.755] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf93d8 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf41e8 [0123.756] wcscpy_s (in: _Destination=0xaf41e8, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9378 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xae8a50 [0123.756] wcscpy_s (in: _Destination=0xae8a50, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf93a8 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1e) returned 0xaf0a10 [0123.756] wcscpy_s (in: _Destination=0xaf0a10, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9408 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x68) returned 0xae2ef0 [0123.756] wcscpy_s (in: _Destination=0xae2ef0, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9348 [0123.756] GetProcessHeap () returned 0xad0000 [0123.756] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xaf4168 [0123.756] wcscpy_s (in: _Destination=0xaf4168, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0123.756] GetProcessHeap () returned 0xad0000 [0123.757] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9390 [0123.757] GetProcessHeap () returned 0xad0000 [0123.757] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xe) returned 0xaf97a8 [0123.757] wcscpy_s (in: _Destination=0xaf97a8, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0123.757] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xb049e8) returned 1 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9360) returned 1 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9628 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf4248 [0123.758] wcscpy_s (in: _Destination=0xaf4248, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf41e8) returned 1 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf93d8) returned 1 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf96e8 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf40a8 [0123.758] wcscpy_s (in: _Destination=0xaf40a8, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf4248) returned 1 [0123.758] GetProcessHeap () returned 0xad0000 [0123.758] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9628) returned 1 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9700 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xae8a70 [0123.759] wcscpy_s (in: _Destination=0xae8a70, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae8a50) returned 1 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9378) returned 1 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9610 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1e) returned 0xaf09c0 [0123.759] wcscpy_s (in: _Destination=0xaf09c0, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf0a10) returned 1 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf93a8) returned 1 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9748 [0123.759] GetProcessHeap () returned 0xad0000 [0123.759] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x68) returned 0xae1ac8 [0123.759] wcscpy_s (in: _Destination=0xae1ac8, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0123.759] GetProcessHeap () returned 0xad0000 [0123.760] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae2ef0) returned 1 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9408) returned 1 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf95f8 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xaf40c8 [0123.760] wcscpy_s (in: _Destination=0xaf40c8, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf4168) returned 1 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9348) returned 1 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9778 [0123.760] GetProcessHeap () returned 0xad0000 [0123.760] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xe) returned 0xaf9760 [0123.761] wcscpy_s (in: _Destination=0xaf9760, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf97a8) returned 1 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9390) returned 1 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1c) returned 0xaf0bc8 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf96a0 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf42e8 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xae8b10 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1e) returned 0xaf09e8 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x68) returned 0xae2ef0 [0123.761] GetProcessHeap () returned 0xad0000 [0123.761] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xaf41a8 [0123.761] GetProcessHeap () returned 0xad0000 [0123.762] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xe) returned 0xaf9790 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9628 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf9628, Size=0xe) returned 0xaf97a8 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf97a8, Size=0x1e) returned 0xaf0ab0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf0ab0, Size=0x20) returned 0xaf0a10 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf0a10, Size=0x26) returned 0xaf8c30 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf8c30, Size=0x28) returned 0xaf89c0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf89c0, Size=0x44) returned 0xae5ac0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xae5ac0, Size=0x46) returned 0xae5390 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xae5390, Size=0xac) returned 0xaf99a0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf99a0, Size=0xae) returned 0xaf99a0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf99a0, Size=0xc2) returned 0xaf99a0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf99a0, Size=0xc4) returned 0xaf99a0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.762] RtlReAllocateHeap (Heap=0xad0000, Flags=0x0, Ptr=0xaf99a0, Size=0xd0) returned 0xaf99a0 [0123.762] GetProcessHeap () returned 0xad0000 [0123.763] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf99a0) returned 1 [0123.763] lstrcmpiW (lpString1="netsh", lpString2="namespace") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="branchcache") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="advfirewall") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="firewall") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="interface") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="dhcp") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="dnsclient") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="routing") returned -1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="ip") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="ipv6") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="aaaa") returned 1 [0123.764] lstrcmpiW (lpString1="netsh", lpString2="ras") returned -1 [0123.764] _wcsnicmp (_String1="firewall", _String2="dump", _MaxCount=0x8) returned 2 [0123.764] _wcsnicmp (_String1="firewall", _String2="help", _MaxCount=0x8) returned -2 [0123.764] _wcsnicmp (_String1="firewall", _String2="?", _MaxCount=0x8) returned 39 [0123.764] _wcsnicmp (_String1="firewall", _String2="exec", _MaxCount=0x8) returned 1 [0123.764] _wcsnicmp (_String1="firewall", _String2="advfirew", _MaxCount=0x8) returned 5 [0123.764] _wcsnicmp (_String1="firewall", _String2="branchca", _MaxCount=0x8) returned 4 [0123.764] _wcsnicmp (_String1="firewall", _String2="bridge", _MaxCount=0x8) returned 4 [0123.764] _wcsnicmp (_String1="firewall", _String2="dhcpclie", _MaxCount=0x8) returned 2 [0123.764] _wcsnicmp (_String1="firewall", _String2="dnsclien", _MaxCount=0x8) returned 2 [0123.764] _wcsnicmp (_String1="firewall", _String2="firewall", _MaxCount=0x8) returned 0 [0123.764] lstrcmpiW (lpString1="firewall", lpString2="namespace") returned -1 [0123.764] lstrcmpiW (lpString1="firewall", lpString2="branchcache") returned 1 [0123.764] lstrcmpiW (lpString1="firewall", lpString2="advfirewall") returned 1 [0123.764] lstrcmpiW (lpString1="firewall", lpString2="firewall") returned 0 [0123.764] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9898 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9880 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xd0) returned 0xaf99a0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9688 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf95c8 [0123.765] wcscpy_s (in: _Destination=0xaf95c8, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9838 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf4248 [0123.765] wcscpy_s (in: _Destination=0xaf4248, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9628 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x8) returned 0xae8b20 [0123.765] wcscpy_s (in: _Destination=0xae8b20, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf98b0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x1e) returned 0xaf0a10 [0123.765] wcscpy_s (in: _Destination=0xaf0a10, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf97a8 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x68) returned 0xafb950 [0123.765] wcscpy_s (in: _Destination=0xafb950, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0123.765] GetProcessHeap () returned 0xad0000 [0123.765] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf9718 [0123.766] GetProcessHeap () returned 0xad0000 [0123.766] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x16) returned 0xaf4028 [0123.766] wcscpy_s (in: _Destination=0xaf4028, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0123.766] GetProcessHeap () returned 0xad0000 [0123.766] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xc) returned 0xaf95e0 [0123.766] GetProcessHeap () returned 0xad0000 [0123.766] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0xe) returned 0xaf9730 [0123.766] wcscpy_s (in: _Destination=0xaf9730, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0123.766] GetProcessHeap () returned 0xad0000 [0123.766] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf99a0) returned 1 [0123.766] GetProcessHeap () returned 0xad0000 [0123.767] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9880) returned 1 [0123.767] GetProcessHeap () returned 0xad0000 [0123.767] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf4248) returned 1 [0123.767] GetProcessHeap () returned 0xad0000 [0123.767] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x12) returned 0xaf4148 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="routing") returned -1 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="ip") returned -1 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="ipv6") returned -1 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="aaaa") returned 1 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="ras") returned -1 [0123.767] _wcsnicmp (_String1="add", _String2="dum", _MaxCount=0x3) returned -3 [0123.767] _wcsnicmp (_String1="add", _String2="hel", _MaxCount=0x3) returned -7 [0123.767] _wcsnicmp (_String1="add", _String2="?", _MaxCount=0x3) returned 34 [0123.767] _wcsnicmp (_String1="add", _String2="res", _MaxCount=0x3) returned -17 [0123.767] _wcsnicmp (_String1="add", _String2="add", _MaxCount=0x3) returned 0 [0123.767] _wcsnicmp (_String1="allowedprogram", _String2="help", _MaxCount=0xe) returned -7 [0123.767] _wcsnicmp (_String1="allowedprogram", _String2="?", _MaxCount=0xe) returned 34 [0123.767] wcstok (in: _String="allowedprogram", _Delimiter=" ", _Context=0xb04c48 | out: _String="allowedprogram", _Context=0xb04c48) returned="allowedprogram" [0123.767] _wcsnicmp (_String1="allowedprogram", _String2="allowedprogram", _MaxCount=0xe) returned 0 [0123.767] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0xb04c48 | out: _String=0x0, _Context=0xb04c48) returned 0x0 [0123.767] lstrcmpiW (lpString1="firewall", lpString2="netsh") returned -1 [0123.767] WinSqmAddToStream () returned 0x2487 [0123.767] MatchEnumTag () returned 0x0 [0123.767] _wcsnicmp (_String1="ENABLE", _String2="enable", _MaxCount=0x6) returned 0 [0125.894] PrintError () returned 0x131 [0125.895] LoadStringW (in: hInstance=0x6d910000, uID=0x119a, lpBuffer=0x17f518, cchBufferMax=16384 | out: lpBuffer="\nIMPORTANT: Command executed successfully.\nHowever, \"netsh firewall\" is deprecated;\nuse \"netsh advfirewall firewall\" instead.\nFor more information on using \"netsh advfirewall firewall\" commands\ninstead of \"netsh firewall\", see KB article 947709\nat http://go.microsoft.com/fwlink/?linkid=121488 .\n\n") returned 0x129 [0125.895] FormatMessageW (in: dwFlags=0x500, lpSource=0x17f518, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x17f514, nSize=0x0, Arguments=0x17f510 | out: lpBuffer="邈¸\nIMPORTANT: Command executed successfully.\nHowever, \"netsh firewall\" is deprecated;\nuse \"netsh advfirewall firewall\" instead.\nFor more information on using \"netsh advfirewall firewall\" commands\ninstead of \"netsh firewall\", see KB article 947709\nat http://go.microsoft.com/fwlink/?linkid=121488 .\n\n") returned 0x131 [0125.895] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0125.895] GetConsoleOutputCP () returned 0x1b5 [0125.956] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 306 [0125.999] GetProcessHeap () returned 0xad0000 [0125.999] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x132) returned 0xb96d20 [0125.999] GetConsoleOutputCP () returned 0x1b5 [0126.048] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0xb96d20, cbMultiByte=306, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", lpUsedDefaultChar=0x0) returned 306 [0126.048] WriteFile (in: hFile=0x3c, lpBuffer=0xb96d20*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x17f4f4, lpOverlapped=0x0 | out: lpBuffer=0xb96d20*, lpNumberOfBytesWritten=0x17f4f4*=0x131, lpOverlapped=0x0) returned 1 [0126.140] GetProcessHeap () returned 0xad0000 [0126.140] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xb96d20) returned 1 [0126.140] LocalFree (hMem=0xb89088) returned 0x0 [0126.140] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x17f5cc, cchBufferMax=16384 | out: lpBuffer="Ok.\n") returned 0x4 [0126.141] FormatMessageW (in: dwFlags=0x500, lpSource=0x17f5cc, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x17f5b0, nSize=0x0, Arguments=0x17f5c8 | out: lpBuffer="ᦘ®痔\x18腣œꇠ涑㪧") returned 0x5 [0126.141] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0126.141] GetConsoleOutputCP () returned 0x1b5 [0126.192] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0126.192] GetProcessHeap () returned 0xad0000 [0126.192] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x6) returned 0xae8980 [0126.193] GetConsoleOutputCP () returned 0x1b5 [0126.280] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0xae8980, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0126.280] WriteFile (in: hFile=0x3c, lpBuffer=0xae8980*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x17f59c, lpOverlapped=0x0 | out: lpBuffer=0xae8980*, lpNumberOfBytesWritten=0x17f59c*=0x5, lpOverlapped=0x0) returned 1 [0126.345] GetProcessHeap () returned 0xad0000 [0126.374] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae8980) returned 1 [0126.374] LocalFree (hMem=0xae1998) returned 0x0 [0126.374] FormatMessageW (in: dwFlags=0x500, lpSource=0x1531244, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1875c8, nSize=0x0, Arguments=0x1875d4 | out: lpBuffer="須¯痘\x18胐œ痤\x18痼\x18寯œቄœ䱈°") returned 0x2 [0126.374] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0126.374] GetConsoleOutputCP () returned 0x1b5 [0126.424] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0126.424] GetProcessHeap () returned 0xad0000 [0126.424] RtlAllocateHeap (HeapHandle=0xad0000, Flags=0x0, Size=0x3) returned 0xae89f0 [0126.424] GetConsoleOutputCP () returned 0x1b5 [0126.532] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0xae89f0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0126.532] WriteFile (in: hFile=0x3c, lpBuffer=0xae89f0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1875b4, lpOverlapped=0x0 | out: lpBuffer=0xae89f0*, lpNumberOfBytesWritten=0x1875b4*=0x2, lpOverlapped=0x0) returned 1 [0126.634] GetProcessHeap () returned 0xad0000 [0126.634] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae89f0) returned 1 [0126.634] LocalFree (hMem=0xaf9808) returned 0x0 [0126.634] GetProcessHeap () returned 0xad0000 [0126.634] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf96a0) returned 1 [0126.634] GetProcessHeap () returned 0xad0000 [0126.634] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf42e8) returned 1 [0126.634] GetProcessHeap () returned 0xad0000 [0126.634] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae8b10) returned 1 [0126.634] GetProcessHeap () returned 0xad0000 [0126.635] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf09e8) returned 1 [0126.635] GetProcessHeap () returned 0xad0000 [0126.635] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae2ef0) returned 1 [0126.647] GetProcessHeap () returned 0xad0000 [0126.649] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf41a8) returned 1 [0126.674] GetProcessHeap () returned 0xad0000 [0126.674] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9790) returned 1 [0126.674] GetProcessHeap () returned 0xad0000 [0126.674] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf0bc8) returned 1 [0126.674] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf40a8) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf96e8) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae8a70) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9700) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf09c0) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.675] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9610) returned 1 [0126.675] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xae1ac8) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9748) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf40c8) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf95f8) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9760) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9778) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9180) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf93f0) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf93c0) returned 1 [0126.676] GetProcessHeap () returned 0xad0000 [0126.676] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xaf9120) returned 1 [0126.923] GetProcessHeap () returned 0xad0000 [0126.924] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafbfb8) returned 1 [0126.924] FreeLibrary (hLibModule=0x1530000) returned 1 [0126.924] FreeLibrary (hLibModule=0x6eb30000) returned 1 [0126.925] FreeLibrary (hLibModule=0x6eae0000) returned 1 [0126.943] free (_Block=0xaa3c28) [0126.944] LocalFree (hMem=0xae5c80) returned 0x0 [0126.945] LocalFree (hMem=0xae5e00) returned 0x0 [0126.945] LocalFree (hMem=0xae1b68) returned 0x0 [0126.945] LocalFree (hMem=0xae1e58) returned 0x0 [0126.945] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0xae5c80 [0126.945] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0xaf9610 [0126.945] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0xaf9748 [0126.945] free (_Block=0xaa3ba8) [0126.945] free (_Block=0x0) [0126.945] free (_Block=0xaa1180) [0126.945] free (_Block=0xaa3bc0) [0126.945] free (_Block=0xaa3c08) [0126.945] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0xb88408 [0126.948] LocalFree (hMem=0xb88408) returned 0x0 [0126.949] LocalFree (hMem=0xae5e90) returned 0x0 [0126.950] LocalFree (hMem=0xae5c80) returned 0x0 [0126.951] free (_Block=0xaa3aa0) [0126.951] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x75640000 [0126.951] FreeLibrary (hLibModule=0x75640000) returned 1 [0126.951] LocalFree (hMem=0xaf9748) returned 0x0 [0126.951] LocalFree (hMem=0xaf9610) returned 0x0 [0126.951] GlobalHandle (pMem=0xae5b70) returned 0x930004 [0126.951] GlobalUnlock (hMem=0x930004) returned 0 [0126.960] FreeLibrary (hLibModule=0x6da70000) returned 1 [0126.962] FreeLibrary (hLibModule=0x6e8a0000) returned 1 [0126.964] FreeLibrary (hLibModule=0x6da10000) returned 1 [0127.056] FreeLibrary (hLibModule=0x6d910000) returned 1 [0127.057] FreeLibrary (hLibModule=0x6d900000) returned 1 [0127.079] FreeLibrary (hLibModule=0x6d610000) returned 1 [0127.082] FreeLibrary (hLibModule=0x6d600000) returned 1 [0127.083] FreeLibrary (hLibModule=0x6d580000) returned 1 [0127.186] FreeLibrary (hLibModule=0x6d3d0000) returned 1 [0127.190] FreeLibrary (hLibModule=0x6d360000) returned 1 [0127.197] FreeLibrary (hLibModule=0x6d320000) returned 1 [0127.198] FreeLibrary (hLibModule=0x6d310000) returned 1 [0127.201] FreeLibrary (hLibModule=0x6d2d0000) returned 1 [0127.211] FreeLibrary (hLibModule=0x6d210000) returned 1 [0127.214] FreeLibrary (hLibModule=0x6d160000) returned 1 [0127.522] GetProcessHeap () returned 0xad0000 [0127.523] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xafbe48) returned 1 [0127.523] GetProcessHeap () returned 0xad0000 [0127.523] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad0598) returned 1 [0127.523] GetProcessHeap () returned 0xad0000 [0127.523] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6ed0) returned 1 [0127.523] GetProcessHeap () returned 0xad0000 [0127.523] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad7530) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad7168) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad7178) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f30) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f40) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f50) returned 1 [0127.524] GetProcessHeap () returned 0xad0000 [0127.524] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f60) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f70) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f80) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6f90) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6900) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6910) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.525] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad6920) returned 1 [0127.525] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e60) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e30) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ec0) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f80) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e10) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.526] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f10) returned 1 [0127.526] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ed0) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e50) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ee0) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e40) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ef0) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.527] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e70) returned 1 [0127.527] GetProcessHeap () returned 0xad0000 [0127.528] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e80) returned 1 [0127.528] GetProcessHeap () returned 0xad0000 [0127.528] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f20) returned 1 [0127.528] GetProcessHeap () returned 0xad0000 [0127.528] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f60) returned 1 [0127.529] GetProcessHeap () returned 0xad0000 [0127.529] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8df0) returned 1 [0127.529] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f30) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8de0) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f40) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8eb0) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f00) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f50) returned 1 [0127.530] GetProcessHeap () returned 0xad0000 [0127.530] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e90) returned 1 [0127.532] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f90) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e00) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ea0) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8f70) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8dc0) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8dd0) returned 1 [0127.533] GetProcessHeap () returned 0xad0000 [0127.533] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8e20) returned 1 [0127.534] GetProcessHeap () returned 0xad0000 [0127.534] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92e0) returned 1 [0127.534] GetProcessHeap () returned 0xad0000 [0127.534] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91e0) returned 1 [0127.534] GetProcessHeap () returned 0xad0000 [0127.534] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9240) returned 1 [0127.534] GetProcessHeap () returned 0xad0000 [0127.534] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9280) returned 1 [0127.534] GetProcessHeap () returned 0xad0000 [0127.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9330) returned 1 [0127.535] GetProcessHeap () returned 0xad0000 [0127.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9340) returned 1 [0127.535] GetProcessHeap () returned 0xad0000 [0127.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9380) returned 1 [0127.535] GetProcessHeap () returned 0xad0000 [0127.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9350) returned 1 [0127.535] GetProcessHeap () returned 0xad0000 [0127.535] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92c0) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.536] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91f0) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.536] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9360) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.536] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9370) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.536] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9200) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.536] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9270) returned 1 [0127.536] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9300) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92b0) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9230) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9290) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92a0) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9210) returned 1 [0127.537] GetProcessHeap () returned 0xad0000 [0127.537] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9310) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9220) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92d0) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad92f0) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9250) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9320) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.538] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9390) returned 1 [0127.538] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9260) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91d0) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9010) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90b0) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9000) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.539] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9190) returned 1 [0127.539] GetProcessHeap () returned 0xad0000 [0127.540] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9110) returned 1 [0127.540] GetProcessHeap () returned 0xad0000 [0127.540] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90c0) returned 1 [0127.540] GetProcessHeap () returned 0xad0000 [0127.540] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9120) returned 1 [0127.540] GetProcessHeap () returned 0xad0000 [0127.540] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8fe0) returned 1 [0127.540] GetProcessHeap () returned 0xad0000 [0127.540] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9020) returned 1 [0127.541] GetProcessHeap () returned 0xad0000 [0127.541] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91b0) returned 1 [0127.541] GetProcessHeap () returned 0xad0000 [0127.541] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9160) returned 1 [0127.541] GetProcessHeap () returned 0xad0000 [0127.541] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9130) returned 1 [0127.541] GetProcessHeap () returned 0xad0000 [0127.542] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9030) returned 1 [0127.542] GetProcessHeap () returned 0xad0000 [0127.542] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91c0) returned 1 [0127.542] GetProcessHeap () returned 0xad0000 [0127.542] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9140) returned 1 [0127.543] GetProcessHeap () returned 0xad0000 [0127.543] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9040) returned 1 [0127.543] GetProcessHeap () returned 0xad0000 [0127.543] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad91a0) returned 1 [0127.543] GetProcessHeap () returned 0xad0000 [0127.543] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9060) returned 1 [0127.543] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8fd0) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90e0) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad8ff0) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9050) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9090) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9170) returned 1 [0127.544] GetProcessHeap () returned 0xad0000 [0127.544] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90f0) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9150) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9100) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9070) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9080) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9180) returned 1 [0127.545] GetProcessHeap () returned 0xad0000 [0127.545] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90a0) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad90d0) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9468) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95b8) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94e8) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9508) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.546] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9568) returned 1 [0127.546] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94c8) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9498) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9408) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9478) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9578) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.547] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9488) returned 1 [0127.547] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9598) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad93d8) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9528) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94a8) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95c8) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9458) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94d8) returned 1 [0127.548] GetProcessHeap () returned 0xad0000 [0127.548] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9518) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9538) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9438) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94f8) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad94b8) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9548) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95a8) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9558) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9588) returned 1 [0127.549] GetProcessHeap () returned 0xad0000 [0127.549] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad93e8) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad93f8) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9428) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9418) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9448) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96b8) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9788) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9758) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9768) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.550] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9628) returned 1 [0127.550] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96f8) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9798) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9668) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9778) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9648) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95d8) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96d8) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9678) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.551] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9738) returned 1 [0127.551] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9698) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9748) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9688) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95e8) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9708) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad95f8) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9608) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9618) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9638) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.552] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9658) returned 1 [0127.552] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96a8) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96c8) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad96e8) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9718) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9728) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a50) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b50) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b90) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.553] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a90) returned 1 [0127.553] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9aa0) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9af0) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b80) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9ab0) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b40) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a40) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b20) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a10) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b10) returned 1 [0127.554] GetProcessHeap () returned 0xad0000 [0127.554] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9ac0) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a60) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a70) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b70) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a20) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b60) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a80) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9ae0) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b00) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.555] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9ba0) returned 1 [0127.555] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9ad0) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9b30) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad99e0) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad99f0) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a00) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9a30) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98d0) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad97e0) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9830) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.556] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9950) returned 1 [0127.556] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9920) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9820) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98e0) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98c0) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9850) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98f0) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9810) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad99a0) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98b0) returned 1 [0127.557] GetProcessHeap () returned 0xad0000 [0127.557] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad98a0) returned 1 [0127.558] GetProcessHeap () returned 0xad0000 [0127.558] RtlFreeHeap (HeapHandle=0xad0000, Flags=0x0, BaseAddress=0xad9900) returned 1 [0127.558] exit (_Code=0) Thread: id = 20 os_tid = 0x1298 Thread: id = 21 os_tid = 0x1270 Thread: id = 22 os_tid = 0x113c [0126.694] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0xb966e8 [0126.694] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0xaf97d8 [0126.694] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0xaf97f0 [0126.695] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0xb889a8 [0126.695] LocalReAlloc (hMem=0xaf97f0, uBytes=0x10, uFlags=0x2) returned 0xae1998 [0126.696] LocalFree (hMem=0xb966e8) returned 0x0 [0126.696] LocalFree (hMem=0xb889a8) returned 0x0 [0126.696] LocalFree (hMem=0xae1998) returned 0x0 [0126.696] LocalFree (hMem=0xaf97d8) returned 0x0 Thread: id = 25 os_tid = 0x11dc Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x190a2000" os_pid = "0x1250" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x125c" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ebd3" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 548 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 549 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 550 start_va = 0x73400e0000 end_va = 0x734011ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000073400e0000" filename = "" Region: id = 551 start_va = 0x7340200000 end_va = 0x73403fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000007340200000" filename = "" Region: id = 552 start_va = 0x1e7b2ee0000 end_va = 0x1e7b2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b2ee0000" filename = "" Region: id = 553 start_va = 0x1e7b2f00000 end_va = 0x1e7b2f14fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b2f00000" filename = "" Region: id = 554 start_va = 0x7df5ff750000 end_va = 0x7ff5ff74ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff750000" filename = "" Region: id = 555 start_va = 0x7ff616f90000 end_va = 0x7ff616fb2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff616f90000" filename = "" Region: id = 556 start_va = 0x7ff617080000 end_va = 0x7ff617090fff monitored = 0 entry_point = 0x7ff6170816b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 557 start_va = 0x7ffff07a0000 end_va = 0x7ffff0960fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 558 start_va = 0x1e7b2f20000 end_va = 0x1e7b301ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b2f20000" filename = "" Region: id = 559 start_va = 0x7fffefeb0000 end_va = 0x7fffeff5cfff monitored = 0 entry_point = 0x7fffefec81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 560 start_va = 0x7fffece50000 end_va = 0x7fffed037fff monitored = 0 entry_point = 0x7fffece7ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 561 start_va = 0x1e7b2ee0000 end_va = 0x1e7b2eeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b2ee0000" filename = "" Region: id = 562 start_va = 0x7ff616e90000 end_va = 0x7ff616f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff616e90000" filename = "" Region: id = 563 start_va = 0x1e7b3020000 end_va = 0x1e7b30ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 564 start_va = 0x7ffff0700000 end_va = 0x7ffff079cfff monitored = 0 entry_point = 0x7ffff07078a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 565 start_va = 0x7340120000 end_va = 0x734015ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000007340120000" filename = "" Region: id = 566 start_va = 0x1e7b30e0000 end_va = 0x1e7b328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b30e0000" filename = "" Region: id = 567 start_va = 0x1e7b2ef0000 end_va = 0x1e7b2ef6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b2ef0000" filename = "" Region: id = 568 start_va = 0x7fffe5190000 end_va = 0x7fffe51e8fff monitored = 0 entry_point = 0x7fffe519fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 569 start_va = 0x1e7b30e0000 end_va = 0x1e7b30e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b30e0000" filename = "" Region: id = 570 start_va = 0x1e7b3280000 end_va = 0x1e7b328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b3280000" filename = "" Region: id = 571 start_va = 0x7fffef9f0000 end_va = 0x7fffefc6cfff monitored = 0 entry_point = 0x7fffefac4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 572 start_va = 0x7fffefd90000 end_va = 0x7fffefeabfff monitored = 0 entry_point = 0x7fffefdd02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 573 start_va = 0x7fffed740000 end_va = 0x7fffed7a9fff monitored = 0 entry_point = 0x7fffed776d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 574 start_va = 0x7fffeff60000 end_va = 0x7ffff00b5fff monitored = 0 entry_point = 0x7fffeff6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 575 start_va = 0x7ffff0340000 end_va = 0x7ffff04c5fff monitored = 0 entry_point = 0x7ffff038ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 576 start_va = 0x1e7b30f0000 end_va = 0x1e7b30f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b30f0000" filename = "" Region: id = 577 start_va = 0x7ffff05b0000 end_va = 0x7ffff06f2fff monitored = 0 entry_point = 0x7ffff05d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 578 start_va = 0x7fffedba0000 end_va = 0x7fffedbfafff monitored = 0 entry_point = 0x7fffedbb38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 579 start_va = 0x7fffedf50000 end_va = 0x7fffedf8afff monitored = 0 entry_point = 0x7fffedf512f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 580 start_va = 0x7ffff00c0000 end_va = 0x7ffff0180fff monitored = 0 entry_point = 0x7ffff00e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 581 start_va = 0x7fffeb310000 end_va = 0x7fffeb495fff monitored = 0 entry_point = 0x7fffeb35d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 582 start_va = 0x1e7b3100000 end_va = 0x1e7b3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b3100000" filename = "" Region: id = 583 start_va = 0x1e7b3110000 end_va = 0x1e7b3110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b3110000" filename = "" Region: id = 584 start_va = 0x1e7b3290000 end_va = 0x1e7b3417fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3290000" filename = "" Region: id = 585 start_va = 0x1e7b3420000 end_va = 0x1e7b35a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3420000" filename = "" Region: id = 586 start_va = 0x1e7b35b0000 end_va = 0x1e7b49affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b35b0000" filename = "" Region: id = 587 start_va = 0x1e7b3120000 end_va = 0x1e7b31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b3120000" filename = "" Region: id = 588 start_va = 0x7340160000 end_va = 0x734019ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000007340160000" filename = "" Region: id = 589 start_va = 0x7fffee060000 end_va = 0x7fffef5befff monitored = 0 entry_point = 0x7fffee1c11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 590 start_va = 0x7fffed8f0000 end_va = 0x7fffed932fff monitored = 0 entry_point = 0x7fffed904b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 591 start_va = 0x7fffed0f0000 end_va = 0x7fffed733fff monitored = 0 entry_point = 0x7fffed2b64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 592 start_va = 0x7fffedd80000 end_va = 0x7fffede26fff monitored = 0 entry_point = 0x7fffedd958d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 593 start_va = 0x7fffedee0000 end_va = 0x7fffedf31fff monitored = 0 entry_point = 0x7fffedeef530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 594 start_va = 0x7fffece40000 end_va = 0x7fffece4efff monitored = 0 entry_point = 0x7fffece43210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 595 start_va = 0x7fffed810000 end_va = 0x7fffed8c4fff monitored = 0 entry_point = 0x7fffed8522e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 596 start_va = 0x7fffecde0000 end_va = 0x7fffece2afff monitored = 0 entry_point = 0x7fffecde35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 597 start_va = 0x7fffecdc0000 end_va = 0x7fffecdd3fff monitored = 0 entry_point = 0x7fffecdc52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 598 start_va = 0x7fffeb740000 end_va = 0x7fffeb7d5fff monitored = 0 entry_point = 0x7fffeb765570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 599 start_va = 0x1e7b49b0000 end_va = 0x1e7b4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b49b0000" filename = "" Region: id = 600 start_va = 0x1e7b4af0000 end_va = 0x1e7b4e26fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 601 start_va = 0x1e7b4e30000 end_va = 0x1e7b5046fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b4e30000" filename = "" Region: id = 602 start_va = 0x1e7b5050000 end_va = 0x1e7b526dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b5050000" filename = "" Region: id = 603 start_va = 0x1e7b49b0000 end_va = 0x1e7b4ac6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b49b0000" filename = "" Region: id = 604 start_va = 0x1e7b4ae0000 end_va = 0x1e7b4aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b4ae0000" filename = "" Region: id = 605 start_va = 0x1e7b5270000 end_va = 0x1e7b5480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b5270000" filename = "" Region: id = 606 start_va = 0x1e7b5490000 end_va = 0x1e7b559efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b5490000" filename = "" Region: id = 607 start_va = 0x73401a0000 end_va = 0x73401dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000073401a0000" filename = "" Region: id = 608 start_va = 0x7fffedc00000 end_va = 0x7fffedd59fff monitored = 0 entry_point = 0x7fffedc438e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 609 start_va = 0x1e7b3120000 end_va = 0x1e7b3120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3120000" filename = "" Region: id = 610 start_va = 0x1e7b31e0000 end_va = 0x1e7b31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b31e0000" filename = "" Region: id = 611 start_va = 0x1e7b3120000 end_va = 0x1e7b31dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3120000" filename = "" Region: id = 612 start_va = 0x1e7b31f0000 end_va = 0x1e7b31f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b31f0000" filename = "" Region: id = 613 start_va = 0x7fffea640000 end_va = 0x7fffea661fff monitored = 0 entry_point = 0x7fffea641a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 614 start_va = 0x7fffeb500000 end_va = 0x7fffeb512fff monitored = 0 entry_point = 0x7fffeb502760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 615 start_va = 0x7fffec960000 end_va = 0x7fffec9b5fff monitored = 0 entry_point = 0x7fffec970bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 616 start_va = 0x1e7b3200000 end_va = 0x1e7b3206fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001e7b3200000" filename = "" Region: id = 617 start_va = 0x1e7b3210000 end_va = 0x1e7b3210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3210000" filename = "" Region: id = 618 start_va = 0x1e7b3220000 end_va = 0x1e7b3220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3220000" filename = "" Region: id = 619 start_va = 0x1e7b3230000 end_va = 0x1e7b3234fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 620 start_va = 0x1e7b3240000 end_va = 0x1e7b3240fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 621 start_va = 0x1e7b3250000 end_va = 0x1e7b3251fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3250000" filename = "" Region: id = 622 start_va = 0x7fffe3a00000 end_va = 0x7fffe3c73fff monitored = 0 entry_point = 0x7fffe3a70400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 623 start_va = 0x1e7b3260000 end_va = 0x1e7b3260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 624 start_va = 0x1e7b3270000 end_va = 0x1e7b3271fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001e7b3270000" filename = "" Thread: id = 16 os_tid = 0x128c Thread: id = 17 os_tid = 0x1294 Thread: id = 18 os_tid = 0x129c Thread: id = 19 os_tid = 0x1284 Process: id = "5" image_name = "server.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe" page_root = "0x12994000" os_pid = "0xb38" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x6ac" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" .." cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f23a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1179 start_va = 0x10000 end_va = 0x1bfff monitored = 1 entry_point = 0x1747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1180 start_va = 0x20000 end_va = 0x3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1181 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 1182 start_va = 0x50000 end_va = 0x64fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1183 start_va = 0x70000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1184 start_va = 0xb0000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1185 start_va = 0x1b0000 end_va = 0x1b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1186 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1187 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1188 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1189 start_va = 0x77980000 end_va = 0x77afafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1190 start_va = 0x7f320000 end_va = 0x7f342fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f320000" filename = "" Region: id = 1191 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1192 start_va = 0x7fff0000 end_va = 0x7ffa34c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1193 start_va = 0x7ffa34c50000 end_va = 0x7ffa34e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1194 start_va = 0x7ffa34e11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa34e11000" filename = "" Region: id = 1332 start_va = 0x400000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1333 start_va = 0x5b630000 end_va = 0x5b67ffff monitored = 0 entry_point = 0x5b648180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1334 start_va = 0x5b680000 end_va = 0x5b6f9fff monitored = 0 entry_point = 0x5b693290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1335 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1336 start_va = 0x5b620000 end_va = 0x5b627fff monitored = 0 entry_point = 0x5b6217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1337 start_va = 0x550000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1338 start_va = 0x74640000 end_va = 0x74698fff monitored = 1 entry_point = 0x74650780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1339 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1340 start_va = 0x75250000 end_va = 0x753cdfff monitored = 0 entry_point = 0x75301b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1341 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1342 start_va = 0x7f220000 end_va = 0x7f31ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f220000" filename = "" Region: id = 1343 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1344 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1345 start_va = 0x550000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1346 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1347 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1348 start_va = 0x75c90000 end_va = 0x75d0afff monitored = 0 entry_point = 0x75cae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1349 start_va = 0x777c0000 end_va = 0x7787dfff monitored = 0 entry_point = 0x777f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1350 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1351 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1352 start_va = 0x751b0000 end_va = 0x751f3fff monitored = 0 entry_point = 0x751c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1353 start_va = 0x75850000 end_va = 0x758fcfff monitored = 0 entry_point = 0x75864f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1354 start_va = 0x746b0000 end_va = 0x746cdfff monitored = 0 entry_point = 0x746bb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1355 start_va = 0x746a0000 end_va = 0x746a9fff monitored = 0 entry_point = 0x746a2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1356 start_va = 0x759b0000 end_va = 0x75a07fff monitored = 0 entry_point = 0x759f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1357 start_va = 0x810000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1358 start_va = 0x74330000 end_va = 0x743acfff monitored = 1 entry_point = 0x74340db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1359 start_va = 0x75200000 end_va = 0x75244fff monitored = 0 entry_point = 0x7521de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1360 start_va = 0x75550000 end_va = 0x7570cfff monitored = 0 entry_point = 0x75632a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1361 start_va = 0x75060000 end_va = 0x751aefff monitored = 0 entry_point = 0x75116820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1362 start_va = 0x75ac0000 end_va = 0x75c06fff monitored = 0 entry_point = 0x75ad1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1363 start_va = 0x500000 end_va = 0x529fff monitored = 0 entry_point = 0x505680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1364 start_va = 0x930000 end_va = 0xab7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 1365 start_va = 0x75d10000 end_va = 0x75d3afff monitored = 0 entry_point = 0x75d15680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1366 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 1367 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1368 start_va = 0xac0000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 1369 start_va = 0xc50000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 1370 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 1 entry_point = 0x1f747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1371 start_va = 0x75a10000 end_va = 0x75a1bfff monitored = 0 entry_point = 0x75a13930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1372 start_va = 0x74320000 end_va = 0x74327fff monitored = 0 entry_point = 0x743217b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1373 start_va = 0x2050000 end_va = 0x25fffff monitored = 1 entry_point = 0x209a848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 1374 start_va = 0x500000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1375 start_va = 0x73d70000 end_va = 0x7431ffff monitored = 1 entry_point = 0x73dba848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 1376 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1377 start_va = 0x73b80000 end_va = 0x73c1afff monitored = 0 entry_point = 0x73b8232b region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll") Region: id = 1378 start_va = 0x2050000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1379 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 1380 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1381 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 1382 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1383 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1384 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1385 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1386 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1387 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1388 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1389 start_va = 0x5a0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1390 start_va = 0x810000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1391 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1392 start_va = 0x75e30000 end_va = 0x7722efff monitored = 0 entry_point = 0x75feb990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1393 start_va = 0x75970000 end_va = 0x759a6fff monitored = 0 entry_point = 0x75973b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1394 start_va = 0x748f0000 end_va = 0x74de8fff monitored = 0 entry_point = 0x74af7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1395 start_va = 0x74fd0000 end_va = 0x7505cfff monitored = 0 entry_point = 0x75019b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1396 start_va = 0x75710000 end_va = 0x75753fff monitored = 0 entry_point = 0x75717410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1397 start_va = 0x75900000 end_va = 0x7590efff monitored = 0 entry_point = 0x75902e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1398 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1399 start_va = 0x2230000 end_va = 0x2566fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1400 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1401 start_va = 0x2570000 end_va = 0x456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 1402 start_va = 0x2050000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1403 start_va = 0x2220000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 1404 start_va = 0x20f0000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 1405 start_va = 0x4570000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 1406 start_va = 0x73080000 end_va = 0x73b79fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll") Region: id = 1407 start_va = 0x75d40000 end_va = 0x75e2afff monitored = 0 entry_point = 0x75d7d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1408 start_va = 0x2130000 end_va = 0x21c0fff monitored = 0 entry_point = 0x2168cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1409 start_va = 0x743b0000 end_va = 0x74424fff monitored = 0 entry_point = 0x743e9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1410 start_va = 0x4670000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 1411 start_va = 0x700000 end_va = 0x702fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 1412 start_va = 0x910000 end_va = 0x915fff monitored = 1 entry_point = 0x91747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1413 start_va = 0x72ea0000 end_va = 0x72efafff monitored = 1 entry_point = 0x72ee9010 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 1414 start_va = 0x910000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 1415 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1416 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1417 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1418 start_va = 0x4670000 end_va = 0x4715fff monitored = 0 entry_point = 0x46fe14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1419 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1420 start_va = 0x2160000 end_va = 0x2205fff monitored = 0 entry_point = 0x21ee14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1434 start_va = 0x4720000 end_va = 0x475ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004720000" filename = "" Region: id = 1435 start_va = 0x4cc0000 end_va = 0x518dfff monitored = 0 entry_point = 0x513c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1452 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 1453 start_va = 0x47f0000 end_va = 0x4cbdfff monitored = 0 entry_point = 0x4c6c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1490 start_va = 0x72420000 end_va = 0x72bc2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll") Region: id = 1502 start_va = 0x4760000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004760000" filename = "" Region: id = 1517 start_va = 0x4760000 end_va = 0x4764fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 1518 start_va = 0x4770000 end_va = 0x47b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 1525 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1544 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1553 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 1786 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1787 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1788 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1789 start_va = 0x5190000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1790 start_va = 0x51d0000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1791 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1792 start_va = 0x5210000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1793 start_va = 0x5250000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1794 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1795 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1796 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1797 start_va = 0x5290000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 1798 start_va = 0x5290000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 1799 start_va = 0x52a0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 1800 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1801 start_va = 0x5290000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 1802 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 1803 start_va = 0x5340000 end_va = 0x53dbfff monitored = 0 entry_point = 0x53c921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 1804 start_va = 0x52a0000 end_va = 0x533bfff monitored = 0 entry_point = 0x532921e region_type = mapped_file name = "system.drawing.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\System.Drawing.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.drawing\\2.0.0.0__b03f5f7f11d50a3a\\system.drawing.dll") Region: id = 1805 start_va = 0x53e0000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 1806 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1807 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1808 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1809 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1810 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1811 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1812 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1813 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1814 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1815 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1816 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1817 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1818 start_va = 0x53f0000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 1819 start_va = 0x5460000 end_va = 0x54cbfff monitored = 0 entry_point = 0x54bcd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 1820 start_va = 0x53f0000 end_va = 0x545bfff monitored = 0 entry_point = 0x544cd0e region_type = mapped_file name = "system.configuration.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Configuration\\2.0.0.0__b03f5f7f11d50a3a\\System.configuration.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.configuration\\2.0.0.0__b03f5f7f11d50a3a\\system.configuration.dll") Region: id = 1821 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1822 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1823 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1824 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1825 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1826 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1827 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1828 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1829 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1830 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1831 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1832 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1833 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1834 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1835 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1836 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1837 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1838 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1839 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1840 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1841 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1842 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1843 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1844 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1845 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1846 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1847 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1848 start_va = 0x54f0000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 1849 start_va = 0x5500000 end_va = 0x550ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 1850 start_va = 0x5510000 end_va = 0x551ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005510000" filename = "" Region: id = 1851 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1852 start_va = 0x5530000 end_va = 0x553ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 1853 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1854 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1855 start_va = 0x5530000 end_va = 0x553ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 1856 start_va = 0x5540000 end_va = 0x554ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005540000" filename = "" Region: id = 1857 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1858 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1859 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1860 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1861 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1862 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1863 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1864 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1865 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1866 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1867 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1868 start_va = 0x74620000 end_va = 0x7463cfff monitored = 0 entry_point = 0x74623b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1869 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1870 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1871 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1872 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1873 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1874 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1875 start_va = 0x5500000 end_va = 0x5507fff monitored = 0 entry_point = 0x5503fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 1876 start_va = 0x54e0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054e0000" filename = "" Region: id = 1877 start_va = 0x5510000 end_va = 0x5517fff monitored = 0 entry_point = 0x5513fae region_type = mapped_file name = "accessibility.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Accessibility\\2.0.0.0__b03f5f7f11d50a3a\\Accessibility.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\accessibility\\2.0.0.0__b03f5f7f11d50a3a\\accessibility.dll") Region: id = 1878 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1879 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1880 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1881 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1882 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1883 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1884 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1885 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1886 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1887 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1888 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1889 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1890 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1891 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1892 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1893 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1894 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1895 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1896 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1897 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1898 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1899 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1900 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1901 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1902 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1903 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1904 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1905 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1906 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1907 start_va = 0x5730000 end_va = 0x5929fff monitored = 0 entry_point = 0x59082be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 1908 start_va = 0x5530000 end_va = 0x554ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 1909 start_va = 0x5930000 end_va = 0x5b29fff monitored = 0 entry_point = 0x5b082be region_type = mapped_file name = "system.xml.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.XML.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.xml\\2.0.0.0__b77a5c561934e089\\system.xml.dll") Region: id = 1910 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1911 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1912 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1913 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1914 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1915 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1916 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1917 start_va = 0x5580000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 1918 start_va = 0x5590000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1919 start_va = 0x55a0000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 1920 start_va = 0x55b0000 end_va = 0x55bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055b0000" filename = "" Region: id = 1921 start_va = 0x55c0000 end_va = 0x55cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 1922 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1923 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1924 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1925 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1926 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1927 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1928 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1929 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1930 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1931 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1932 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1933 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1934 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1935 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1936 start_va = 0x5580000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 1937 start_va = 0x5590000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1938 start_va = 0x55a0000 end_va = 0x55affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 1939 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1940 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1941 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1942 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1943 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1944 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1945 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1946 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1947 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1948 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1949 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1950 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1951 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1952 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1953 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1954 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1955 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1956 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1957 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1958 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1959 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1960 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1961 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1962 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1963 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1964 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1965 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1966 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1967 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1968 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1969 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1970 start_va = 0x54d0000 end_va = 0x54dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 1971 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1972 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1973 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1974 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1975 start_va = 0x5580000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 1976 start_va = 0x5590000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1977 start_va = 0x5520000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005520000" filename = "" Region: id = 1978 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1979 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1980 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1981 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1982 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1983 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1984 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1985 start_va = 0x5550000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005550000" filename = "" Region: id = 1986 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1987 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1988 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1989 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1990 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1991 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1992 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1993 start_va = 0x746d0000 end_va = 0x7472efff monitored = 0 entry_point = 0x746d4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1994 start_va = 0x5560000 end_va = 0x556ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1995 start_va = 0x745d0000 end_va = 0x7461efff monitored = 0 entry_point = 0x745dd850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1996 start_va = 0x5570000 end_va = 0x557ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005570000" filename = "" Region: id = 1997 start_va = 0x5570000 end_va = 0x558ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005570000" filename = "" Region: id = 1998 start_va = 0x5590000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005590000" filename = "" Region: id = 1999 start_va = 0x55d0000 end_va = 0x56affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2000 start_va = 0x56b0000 end_va = 0x56effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 2001 start_va = 0x56f0000 end_va = 0x572ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 2002 start_va = 0x5b30000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b30000" filename = "" Region: id = 2003 start_va = 0x5c30000 end_va = 0x5d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c30000" filename = "" Region: id = 2004 start_va = 0x5d30000 end_va = 0x5d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d30000" filename = "" Region: id = 2005 start_va = 0x5d70000 end_va = 0x5e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d70000" filename = "" Thread: id = 26 os_tid = 0xb3c [0209.475] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x720398, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfb8, lpName="Global\\Cor_Private_IPCBlock_2872") returned 0x10c [0209.529] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x720560, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x134, lpName="Global\\Cor_Public_IPCBlock_2872") returned 0x114 [0210.913] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0211.050] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0211.050] GetLastError () returned 0x2 [0211.058] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae78c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0211.058] GetLastError () returned 0x2 [0211.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x1ae754, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0211.061] GetLastError () returned 0x2 [0211.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x1ae7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0211.067] GetLastError () returned 0x2 [0211.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x1ae78c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0211.067] GetLastError () returned 0x2 [0211.118] GetVersionExW (in: lpVersionInformation=0x7474e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7474e8*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0211.118] GetLastError () returned 0x2 [0211.119] GetVersionExW (in: lpVersionInformation=0x7474e8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7474e8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0211.119] GetLastError () returned 0x2 [0211.120] CreateFileMappingW (hFile=0x240, lpFileMappingAttributes=0x1ae888, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x244 [0211.124] CreateFileMappingW (hFile=0x244, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x240 [0211.251] CreateFileMappingW (hFile=0x250, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x254 [0211.607] CreateFileMappingW (hFile=0x258, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x25c [0212.540] CreateFileMappingW (hFile=0x260, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x264 [0212.621] CreateFileMappingW (hFile=0x268, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x26c [0212.628] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0212.629] GetLastError () returned 0x0 [0212.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae208, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0212.629] GetLastError () returned 0x0 [0213.017] lstrlenW (lpString="䅁") returned 1 [0213.020] GetVersionExW (in: lpVersionInformation=0x747c00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x747c00*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0213.020] GetLastError () returned 0x0 [0213.383] RegQueryValueExW (in: hKey=0x80000001, lpValueName="di", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x4) returned 0x0 [0213.386] RegSetValueExW (in: hKey=0x80000001, lpValueName="di", Reserved=0x0, dwType=0x1, lpData="!", cbData=0x4 | out: lpData="!") returned 0x0 [0218.420] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="7657c14284185fbd3fb108b43c7467ba") returned 0x270 [0218.420] GetLastError () returned 0x0 [0219.918] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x747be8, nSize=0x80 | out: lpBuffer="") returned 0x24 [0219.918] GetLastError () returned 0x0 [0219.966] GetLongPathNameW (in: lpszShortPath="c:\\users\\rdhj0c~1\\", lpszLongPath=0x1ae944, cchBuffer=0x104 | out: lpszLongPath="c:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0219.967] GetLastError () returned 0x0 [0219.967] GetFullPathNameW (in: lpFileName="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae96c, lpFilePart=0x0 | out: lpBuffer="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp\\server.exe", lpFilePart=0x0) returned 0x33 [0219.967] GetLastError () returned 0x0 [0220.027] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x1ae948, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x28 [0220.027] GetLastError () returned 0x0 [0220.029] GetFullPathNameW (in: lpFileName="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp", nBufferLength=0x105, lpBuffer=0x1ae948, lpFilePart=0x0 | out: lpBuffer="c:\\Users\\RDhJ0CNFevzX\\appdata\\local\\temp", lpFilePart=0x0) returned 0x28 [0220.029] GetLastError () returned 0x0 [0220.057] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aed88 | out: phkResult=0x1aed88*=0x274) returned 0x0 [0220.058] RegQueryValueExW (in: hKey=0x274, lpValueName="SEE_MASK_NOZONECHECKS", lpReserved=0x0, lpType=0x1aed88, lpData=0x0, lpcbData=0x1aed84*=0x0 | out: lpType=0x1aed88*=0x1, lpData=0x0, lpcbData=0x1aed84*=0x4) returned 0x0 [0220.058] RegSetValueExW (in: hKey=0x274, lpValueName="SEE_MASK_NOZONECHECKS", Reserved=0x0, dwType=0x1, lpData="1", cbData=0x4 | out: lpData="1") returned 0x0 [0220.059] RegCloseKey (hKey=0x274) returned 0x0 [0220.111] SendMessageTimeoutA (in: hWnd=0xffff, Msg=0x1a, wParam=0x0, lParam=0x1aeca8, fuFlags=0x0, uTimeout=0x3e8, lpdwResult=0x0 | out: lpdwResult=0x0) returned 0x1 [0220.211] GetLastError () returned 0x0 [0220.212] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0220.212] GetLastError () returned 0x0 [0220.290] GetStartupInfoW (in: lpStartupInfo=0x2579cec | out: lpStartupInfo=0x2579cec*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0220.297] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2579cec*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2579d38 | out: lpCommandLine="netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE", lpProcessInformation=0x2579d38*(hProcess=0x278, hThread=0x274, dwProcessId=0x804, dwThreadId=0x5e8)) returned 1 [0220.342] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0x1388) returned 0x0 [0223.833] GetLastError () returned 0x0 [0223.855] CloseHandle (hObject=0x278) returned 1 [0223.856] GetLastError () returned 0x0 [0223.863] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedc8 | out: phkResult=0x1aedc8*=0x278) returned 0x0 [0223.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0223.864] GetLastError () returned 0x0 [0223.864] RegQueryValueExW (in: hKey=0x278, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedc8, lpData=0x0, lpcbData=0x1aedc4*=0x0 | out: lpType=0x1aedc8*=0x1, lpData=0x0, lpcbData=0x1aedc4*=0x72) returned 0x0 [0223.864] RegSetValueExW (in: hKey=0x278, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0223.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedc8 | out: phkResult=0x1aedc8*=0x0) returned 0x5 [0225.422] GetCurrentProcess () returned 0xffffffff [0225.424] GetCurrentThread () returned 0xfffffffe [0225.424] GetCurrentProcess () returned 0xffffffff [0225.455] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x1aee48, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1aee48*=0x2b0) returned 1 [0225.455] GetLastError () returned 0x0 [0225.541] GetCurrentThreadId () returned 0xb3c [0225.594] CreateFileMappingW (hFile=0x2b4, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2b8 [0226.437] GetSystemMetrics (nIndex=75) returned 1 [0227.289] lstrlenW (lpString="䅁") returned 1 [0227.674] GetModuleHandleW (lpModuleName="user32.dll") returned 0x75ac0000 [0227.678] GetProcAddress (hModule=0x75ac0000, lpProcName="DefWindowProcW") returned 0x77a0aee0 [0227.680] GetStockObject (i=5) returned 0x1900015 [0227.680] GetLastError () returned 0x0 [0227.780] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0227.787] CoTaskMemAlloc (cb=0x4c) returned 0x733a10 [0227.787] RegisterClassW (lpWndClass=0x747c00) returned 0xc14c [0227.787] GetLastError () returned 0x0 [0227.787] CoTaskMemFree (pv=0x733a10) [0227.787] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0227.865] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.33c0d9d", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x10000, lpParam=0x0) returned 0x2008e [0227.884] SetWindowLongW (hWnd=0x2008e, nIndex=-4, dwNewLong=2007019232) returned 5310410 [0227.971] GetWindowLongW (hWnd=0x2008e, nIndex=-4) returned 2007019232 [0228.054] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x1ae3e4 | out: phkResult=0x1ae3e4*=0x2c4) returned 0x0 [0228.054] RegQueryValueExW (in: hKey=0x2c4, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x1ae42c, lpData=0x0, lpcbData=0x1ae428*=0x0 | out: lpType=0x1ae42c*=0x0, lpData=0x0, lpcbData=0x1ae428*=0x0) returned 0x2 [0228.054] RegQueryValueExW (in: hKey=0x2c4, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x1ae42c, lpData=0x0, lpcbData=0x1ae428*=0x0 | out: lpType=0x1ae42c*=0x0, lpData=0x0, lpcbData=0x1ae428*=0x0) returned 0x2 [0228.054] RegCloseKey (hKey=0x2c4) returned 0x0 [0228.144] SetWindowLongW (hWnd=0x2008e, nIndex=-4, dwNewLong=5310730) returned 2007019232 [0228.144] GetWindowLongW (hWnd=0x2008e, nIndex=-4) returned 5310730 [0228.144] GetWindowLongW (hWnd=0x2008e, nIndex=-16) returned 113311744 [0228.494] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc151 [0228.563] CallWindowProcW (lpPrevWndFunc=0x77a0aee0, hWnd=0x2008e, Msg=0x24, wParam=0x0, lParam=0x1ae6fc) returned 0x0 [0228.566] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc152 [0228.567] CallWindowProcW (lpPrevWndFunc=0x77a0aee0, hWnd=0x2008e, Msg=0x81, wParam=0x0, lParam=0x1ae6f0) returned 0x1 [0228.568] CallWindowProcW (lpPrevWndFunc=0x77a0aee0, hWnd=0x2008e, Msg=0x83, wParam=0x0, lParam=0x1ae6dc) returned 0x0 [0228.586] CallWindowProcW (lpPrevWndFunc=0x77a0aee0, hWnd=0x2008e, Msg=0x1, wParam=0x0, lParam=0x1ae6f0) returned 0x0 [0228.671] GetClientRect (in: hWnd=0x2008e, lpRect=0x1ae438 | out: lpRect=0x1ae438) returned 1 [0228.674] GetWindowRect (in: hWnd=0x2008e, lpRect=0x1ae438 | out: lpRect=0x1ae438) returned 1 [0228.764] CreateFileMappingW (hFile=0x2cc, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2d0 [0229.154] GetLastError () returned 0x6 [0229.164] GetParent (hWnd=0x2008e) returned 0x0 [0229.563] OleInitialize (pvReserved=0x0) returned 0x0 [0229.564] GetLastError () returned 0x6 [0229.570] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0229.860] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0229.939] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0229.939] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0229.939] GetLastError () returned 0x6 [0230.212] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x2dc) returned 0x0 [0230.212] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0230.212] GetLastError () returned 0x6 [0230.212] RegQueryValueExW (in: hKey=0x2dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0230.212] RegSetValueExW (in: hKey=0x2dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0230.212] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0230.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0230.213] GetLastError () returned 0x6 [0230.213] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0231.233] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0231.234] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0231.235] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0231.235] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0231.235] GetLastError () returned 0x6 [0231.236] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x2e4) returned 0x0 [0231.236] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0231.236] GetLastError () returned 0x6 [0231.236] RegQueryValueExW (in: hKey=0x2e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0231.236] RegSetValueExW (in: hKey=0x2e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0231.236] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0231.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0231.237] GetLastError () returned 0x6 [0231.237] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0232.272] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0232.272] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0232.272] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0232.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0232.273] GetLastError () returned 0x6 [0232.273] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x2ec) returned 0x0 [0232.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0232.273] GetLastError () returned 0x6 [0232.273] RegQueryValueExW (in: hKey=0x2ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0232.273] RegSetValueExW (in: hKey=0x2ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0232.273] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0232.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0232.274] GetLastError () returned 0x6 [0232.274] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0233.293] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0233.294] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0233.294] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0233.294] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0233.294] GetLastError () returned 0x6 [0233.294] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x334) returned 0x0 [0233.294] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0233.294] GetLastError () returned 0x6 [0233.294] RegQueryValueExW (in: hKey=0x334, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0233.294] RegSetValueExW (in: hKey=0x334, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0233.295] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0233.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0233.295] GetLastError () returned 0x6 [0233.295] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0234.367] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0234.368] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0234.368] GetCurrentProcessId () returned 0xb38 [0234.378] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x1ae608 | out: lpLuid=0x1ae608*(LowPart=0x14, HighPart=0)) returned 1 [0234.379] GetLastError () returned 0x0 [0234.380] GetCurrentProcess () returned 0xffffffff [0234.380] GetLastError () returned 0x0 [0234.382] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x1ae604 | out: TokenHandle=0x1ae604*=0x37c) returned 1 [0234.382] GetLastError () returned 0x0 [0234.385] AdjustTokenPrivileges (in: TokenHandle=0x37c, DisableAllPrivileges=0, NewState=0x25c69e0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0234.385] GetLastError () returned 0x514 [0234.386] CloseHandle (hObject=0x37c) returned 1 [0234.386] GetLastError () returned 0x514 [0234.388] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x37c [0234.388] GetLastError () returned 0x514 [0234.390] GetExitCodeProcess (in: hProcess=0x37c, lpExitCode=0x25c6970 | out: lpExitCode=0x25c6970*=0x103) returned 1 [0234.390] GetLastError () returned 0x514 [0234.399] GetProcessWorkingSetSize (in: hProcess=0x37c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0234.401] GetLastError () returned 0x514 [0234.403] SetProcessWorkingSetSize (hProcess=0x37c, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0234.461] GetLastError () returned 0x514 [0234.461] GetProcessWorkingSetSize (in: hProcess=0x37c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0234.462] GetLastError () returned 0x514 [0234.462] CloseHandle (hObject=0x37c) returned 1 [0234.462] GetLastError () returned 0x514 [0234.463] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0234.463] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0234.463] GetLastError () returned 0x514 [0234.463] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x37c) returned 0x0 [0234.464] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0234.464] GetLastError () returned 0x514 [0234.465] RegQueryValueExW (in: hKey=0x37c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0234.465] RegSetValueExW (in: hKey=0x37c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0234.465] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0234.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0234.465] GetLastError () returned 0x514 [0234.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0235.991] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0235.992] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0235.992] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0235.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0235.993] GetLastError () returned 0x514 [0235.993] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x384) returned 0x0 [0235.994] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0235.994] GetLastError () returned 0x514 [0235.994] RegQueryValueExW (in: hKey=0x384, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0235.994] RegSetValueExW (in: hKey=0x384, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0235.994] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0235.994] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0235.994] GetLastError () returned 0x514 [0235.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0237.020] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0237.020] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0237.021] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0237.021] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0237.022] GetLastError () returned 0x514 [0237.022] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x380) returned 0x0 [0237.022] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0237.022] GetLastError () returned 0x514 [0237.022] RegQueryValueExW (in: hKey=0x380, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0237.023] RegSetValueExW (in: hKey=0x380, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0237.023] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0237.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0237.023] GetLastError () returned 0x514 [0237.023] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0238.043] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0238.043] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0238.065] GetForegroundWindow () returned 0x10088 [0238.065] GetLastError () returned 0x514 [0238.070] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0238.076] GetLastError () returned 0x514 [0238.109] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0238.109] GetLastError () returned 0x514 [0238.169] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0238.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0238.169] GetLastError () returned 0x514 [0238.170] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x388) returned 0x0 [0238.170] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0238.170] GetLastError () returned 0x514 [0238.170] RegQueryValueExW (in: hKey=0x388, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0238.170] RegSetValueExW (in: hKey=0x388, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0238.170] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0238.170] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0238.170] GetLastError () returned 0x514 [0238.171] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0239.198] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0239.199] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0239.199] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0239.199] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0239.199] GetLastError () returned 0x514 [0239.199] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x38c) returned 0x0 [0239.199] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0239.199] GetLastError () returned 0x514 [0239.199] RegQueryValueExW (in: hKey=0x38c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0239.200] RegSetValueExW (in: hKey=0x38c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0239.200] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0239.200] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0239.200] GetLastError () returned 0x514 [0239.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0240.210] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0240.211] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0240.211] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0240.211] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0240.211] GetLastError () returned 0x514 [0240.213] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x390) returned 0x0 [0240.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0240.213] GetLastError () returned 0x514 [0240.214] RegQueryValueExW (in: hKey=0x390, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0240.214] RegSetValueExW (in: hKey=0x390, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0240.214] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0240.214] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0240.214] GetLastError () returned 0x514 [0240.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0241.228] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0241.228] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0241.229] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0241.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0241.229] GetLastError () returned 0x514 [0241.229] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x394) returned 0x0 [0241.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0241.229] GetLastError () returned 0x514 [0241.229] RegQueryValueExW (in: hKey=0x394, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0241.229] RegSetValueExW (in: hKey=0x394, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0241.229] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0241.229] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0241.229] GetLastError () returned 0x514 [0241.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0242.242] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0242.242] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0242.242] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0242.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0242.242] GetLastError () returned 0x514 [0242.242] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x398) returned 0x0 [0242.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0242.243] GetLastError () returned 0x514 [0242.243] RegQueryValueExW (in: hKey=0x398, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0242.243] RegSetValueExW (in: hKey=0x398, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0242.243] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0242.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0242.243] GetLastError () returned 0x514 [0242.243] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0243.262] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0243.263] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0243.263] GetCurrentProcessId () returned 0xb38 [0243.263] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x39c [0243.263] GetLastError () returned 0x514 [0243.263] GetExitCodeProcess (in: hProcess=0x39c, lpExitCode=0x25d4070 | out: lpExitCode=0x25d4070*=0x103) returned 1 [0243.264] GetLastError () returned 0x514 [0243.264] GetProcessWorkingSetSize (in: hProcess=0x39c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0243.264] GetLastError () returned 0x514 [0243.264] SetProcessWorkingSetSize (hProcess=0x39c, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0243.417] GetLastError () returned 0x514 [0243.418] GetProcessWorkingSetSize (in: hProcess=0x39c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0243.418] GetLastError () returned 0x514 [0243.421] CloseHandle (hObject=0x39c) returned 1 [0243.421] GetLastError () returned 0x514 [0243.424] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0243.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0243.425] GetLastError () returned 0x514 [0243.427] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x39c) returned 0x0 [0243.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0243.458] GetLastError () returned 0x514 [0243.460] RegQueryValueExW (in: hKey=0x39c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0243.460] RegSetValueExW (in: hKey=0x39c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0243.461] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0243.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0243.461] GetLastError () returned 0x514 [0243.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0244.477] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0244.478] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0244.480] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0244.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0244.480] GetLastError () returned 0x514 [0244.480] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3a4) returned 0x0 [0244.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0244.480] GetLastError () returned 0x514 [0244.480] RegQueryValueExW (in: hKey=0x3a4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0244.480] RegSetValueExW (in: hKey=0x3a4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0244.481] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0244.481] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0244.481] GetLastError () returned 0x514 [0244.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0245.493] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0245.493] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0245.493] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0245.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0245.493] GetLastError () returned 0x514 [0245.494] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3a0) returned 0x0 [0245.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0245.494] GetLastError () returned 0x514 [0245.494] RegQueryValueExW (in: hKey=0x3a0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0245.494] RegSetValueExW (in: hKey=0x3a0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0245.494] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0245.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0245.494] GetLastError () returned 0x514 [0245.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0246.505] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0246.505] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0246.506] GetForegroundWindow () returned 0x10088 [0246.506] GetLastError () returned 0x514 [0246.506] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0246.507] GetLastError () returned 0x514 [0246.507] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0246.507] GetLastError () returned 0x514 [0246.508] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0246.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0246.508] GetLastError () returned 0x514 [0246.508] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3a8) returned 0x0 [0246.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0246.508] GetLastError () returned 0x514 [0246.508] RegQueryValueExW (in: hKey=0x3a8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0246.508] RegSetValueExW (in: hKey=0x3a8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0246.509] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0246.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0246.509] GetLastError () returned 0x514 [0246.509] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0247.521] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0247.522] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0247.522] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0247.522] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0247.523] GetLastError () returned 0x514 [0247.523] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3ac) returned 0x0 [0247.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0247.523] GetLastError () returned 0x514 [0247.523] RegQueryValueExW (in: hKey=0x3ac, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0247.523] RegSetValueExW (in: hKey=0x3ac, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0247.523] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0247.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0247.524] GetLastError () returned 0x514 [0247.524] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0248.541] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0248.542] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0248.542] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0248.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0248.542] GetLastError () returned 0x514 [0248.542] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3b0) returned 0x0 [0248.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0248.542] GetLastError () returned 0x514 [0248.542] RegQueryValueExW (in: hKey=0x3b0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0248.542] RegSetValueExW (in: hKey=0x3b0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0248.543] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0248.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0248.543] GetLastError () returned 0x514 [0248.543] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0249.552] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0249.552] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0249.553] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0249.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0249.553] GetLastError () returned 0x514 [0249.553] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3b8) returned 0x0 [0249.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0249.553] GetLastError () returned 0x514 [0249.553] RegQueryValueExW (in: hKey=0x3b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0249.553] RegSetValueExW (in: hKey=0x3b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0249.554] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0249.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0249.554] GetLastError () returned 0x514 [0249.554] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0250.575] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0250.575] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0250.576] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0250.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0250.576] GetLastError () returned 0x514 [0250.576] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3bc) returned 0x0 [0250.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0250.576] GetLastError () returned 0x514 [0250.576] RegQueryValueExW (in: hKey=0x3bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0250.576] RegSetValueExW (in: hKey=0x3bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0250.576] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0250.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0250.576] GetLastError () returned 0x514 [0250.577] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0251.585] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0251.586] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0251.586] GetCurrentProcessId () returned 0xb38 [0251.586] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x3c0 [0251.586] GetLastError () returned 0x514 [0251.587] GetExitCodeProcess (in: hProcess=0x3c0, lpExitCode=0x25e1b64 | out: lpExitCode=0x25e1b64*=0x103) returned 1 [0251.587] GetLastError () returned 0x514 [0251.587] GetProcessWorkingSetSize (in: hProcess=0x3c0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0251.587] GetLastError () returned 0x514 [0251.587] SetProcessWorkingSetSize (hProcess=0x3c0, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0251.635] GetLastError () returned 0x514 [0251.635] GetProcessWorkingSetSize (in: hProcess=0x3c0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0251.635] GetLastError () returned 0x514 [0251.636] CloseHandle (hObject=0x3c0) returned 1 [0251.636] GetLastError () returned 0x514 [0251.636] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0251.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0251.637] GetLastError () returned 0x514 [0251.638] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3c0) returned 0x0 [0251.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0251.638] GetLastError () returned 0x514 [0251.639] RegQueryValueExW (in: hKey=0x3c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0251.639] RegSetValueExW (in: hKey=0x3c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0251.639] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0251.639] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0251.639] GetLastError () returned 0x514 [0251.639] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0252.649] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0252.650] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0252.650] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0252.651] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0252.651] GetLastError () returned 0x514 [0252.651] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3c8) returned 0x0 [0252.651] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0252.651] GetLastError () returned 0x514 [0252.651] RegQueryValueExW (in: hKey=0x3c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0252.651] RegSetValueExW (in: hKey=0x3c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0252.652] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0252.652] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0252.652] GetLastError () returned 0x514 [0252.652] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0253.669] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0253.669] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0253.669] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0253.669] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0253.669] GetLastError () returned 0x514 [0253.669] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3c4) returned 0x0 [0253.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0253.670] GetLastError () returned 0x514 [0253.670] RegQueryValueExW (in: hKey=0x3c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0253.670] RegSetValueExW (in: hKey=0x3c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0253.670] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0253.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0253.670] GetLastError () returned 0x514 [0253.670] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0254.685] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0254.685] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0254.685] GetForegroundWindow () returned 0x10088 [0254.685] GetLastError () returned 0x514 [0254.685] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0254.686] GetLastError () returned 0x514 [0254.686] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0254.686] GetLastError () returned 0x514 [0254.687] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0254.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0254.687] GetLastError () returned 0x514 [0254.687] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3d0) returned 0x0 [0254.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0254.687] GetLastError () returned 0x514 [0254.687] RegQueryValueExW (in: hKey=0x3d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0254.688] RegSetValueExW (in: hKey=0x3d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0254.688] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0254.688] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0254.688] GetLastError () returned 0x514 [0254.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0255.696] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0255.697] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0255.697] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0255.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0255.697] GetLastError () returned 0x514 [0255.697] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3d4) returned 0x0 [0255.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0255.697] GetLastError () returned 0x514 [0255.697] RegQueryValueExW (in: hKey=0x3d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0255.697] RegSetValueExW (in: hKey=0x3d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0255.698] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0255.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0255.698] GetLastError () returned 0x514 [0255.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0256.713] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0256.714] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0256.714] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0256.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0256.714] GetLastError () returned 0x514 [0256.714] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3d8) returned 0x0 [0256.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0256.714] GetLastError () returned 0x514 [0256.714] RegQueryValueExW (in: hKey=0x3d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0256.715] RegSetValueExW (in: hKey=0x3d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0256.715] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0256.715] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0256.715] GetLastError () returned 0x514 [0256.715] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0257.723] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0257.724] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0257.724] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0257.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0257.724] GetLastError () returned 0x514 [0257.724] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3dc) returned 0x0 [0257.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0257.724] GetLastError () returned 0x514 [0257.724] RegQueryValueExW (in: hKey=0x3dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0257.724] RegSetValueExW (in: hKey=0x3dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0257.725] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0257.725] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0257.725] GetLastError () returned 0x514 [0257.725] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0258.745] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0258.745] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0258.746] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0258.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0258.746] GetLastError () returned 0x514 [0258.746] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3e0) returned 0x0 [0258.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0258.746] GetLastError () returned 0x514 [0258.746] RegQueryValueExW (in: hKey=0x3e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0258.746] RegSetValueExW (in: hKey=0x3e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0258.747] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0258.747] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0258.747] GetLastError () returned 0x514 [0258.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0259.754] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0259.754] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0259.755] GetCurrentProcessId () returned 0xb38 [0259.755] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x3e4 [0259.755] GetLastError () returned 0x514 [0259.755] GetExitCodeProcess (in: hProcess=0x3e4, lpExitCode=0x25efa60 | out: lpExitCode=0x25efa60*=0x103) returned 1 [0259.755] GetLastError () returned 0x514 [0259.756] GetProcessWorkingSetSize (in: hProcess=0x3e4, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0259.756] GetLastError () returned 0x514 [0259.756] SetProcessWorkingSetSize (hProcess=0x3e4, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0259.771] GetLastError () returned 0x514 [0259.771] GetProcessWorkingSetSize (in: hProcess=0x3e4, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0259.771] GetLastError () returned 0x514 [0259.772] CloseHandle (hObject=0x3e4) returned 1 [0259.773] GetLastError () returned 0x514 [0259.774] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0259.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0259.774] GetLastError () returned 0x514 [0259.775] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3e4) returned 0x0 [0259.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0259.775] GetLastError () returned 0x514 [0259.776] RegQueryValueExW (in: hKey=0x3e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0259.776] RegSetValueExW (in: hKey=0x3e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0259.776] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0259.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0259.776] GetLastError () returned 0x514 [0259.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0260.783] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0260.784] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0260.784] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0260.784] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0260.784] GetLastError () returned 0x514 [0260.784] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3ec) returned 0x0 [0260.784] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0260.784] GetLastError () returned 0x514 [0260.785] RegQueryValueExW (in: hKey=0x3ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0260.785] RegSetValueExW (in: hKey=0x3ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0260.785] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0260.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0260.785] GetLastError () returned 0x514 [0260.786] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0261.798] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0261.798] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0261.798] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0261.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0261.798] GetLastError () returned 0x514 [0261.798] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3e8) returned 0x0 [0261.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0261.798] GetLastError () returned 0x514 [0261.799] RegQueryValueExW (in: hKey=0x3e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0261.799] RegSetValueExW (in: hKey=0x3e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0261.799] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0261.799] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0261.799] GetLastError () returned 0x514 [0261.799] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0262.814] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0262.814] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0262.814] GetForegroundWindow () returned 0x10088 [0262.814] GetLastError () returned 0x514 [0262.814] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0262.815] GetLastError () returned 0x514 [0262.815] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0262.815] GetLastError () returned 0x514 [0262.815] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0262.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0262.816] GetLastError () returned 0x514 [0262.816] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3f0) returned 0x0 [0262.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0262.816] GetLastError () returned 0x514 [0262.816] RegQueryValueExW (in: hKey=0x3f0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0262.816] RegSetValueExW (in: hKey=0x3f0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0262.816] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0262.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0262.816] GetLastError () returned 0x514 [0262.817] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0263.837] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0263.837] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0263.838] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0263.838] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0263.838] GetLastError () returned 0x514 [0263.838] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x3fc) returned 0x0 [0263.838] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0263.838] GetLastError () returned 0x514 [0263.838] RegQueryValueExW (in: hKey=0x3fc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0263.838] RegSetValueExW (in: hKey=0x3fc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0263.839] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0263.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0263.839] GetLastError () returned 0x514 [0263.839] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0264.846] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0264.846] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0264.847] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0264.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0264.847] GetLastError () returned 0x514 [0264.847] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x404) returned 0x0 [0264.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0264.848] GetLastError () returned 0x514 [0264.848] RegQueryValueExW (in: hKey=0x404, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0264.848] RegSetValueExW (in: hKey=0x404, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0264.848] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0264.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0264.848] GetLastError () returned 0x514 [0264.848] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0265.859] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0265.859] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0265.860] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0265.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0265.860] GetLastError () returned 0x514 [0265.860] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x40c) returned 0x0 [0265.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0265.860] GetLastError () returned 0x514 [0265.860] RegQueryValueExW (in: hKey=0x40c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0265.860] RegSetValueExW (in: hKey=0x40c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0265.861] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0265.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0265.861] GetLastError () returned 0x514 [0265.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0266.959] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0266.959] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0266.959] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0266.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0266.959] GetLastError () returned 0x514 [0266.960] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x410) returned 0x0 [0266.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0266.960] GetLastError () returned 0x514 [0266.960] RegQueryValueExW (in: hKey=0x410, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0266.960] RegSetValueExW (in: hKey=0x410, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0266.960] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0266.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0266.960] GetLastError () returned 0x514 [0266.960] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0268.002] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0268.003] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0268.003] GetCurrentProcessId () returned 0xb38 [0268.003] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x414 [0268.003] GetLastError () returned 0x514 [0268.004] GetExitCodeProcess (in: hProcess=0x414, lpExitCode=0x25fd540 | out: lpExitCode=0x25fd540*=0x103) returned 1 [0268.004] GetLastError () returned 0x514 [0268.004] GetProcessWorkingSetSize (in: hProcess=0x414, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0268.004] GetLastError () returned 0x514 [0268.004] SetProcessWorkingSetSize (hProcess=0x414, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0268.022] GetLastError () returned 0x514 [0268.022] GetProcessWorkingSetSize (in: hProcess=0x414, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0268.022] GetLastError () returned 0x514 [0268.024] CloseHandle (hObject=0x414) returned 1 [0268.024] GetLastError () returned 0x514 [0268.025] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0268.026] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0268.026] GetLastError () returned 0x514 [0268.026] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x414) returned 0x0 [0268.027] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0268.027] GetLastError () returned 0x514 [0268.028] RegQueryValueExW (in: hKey=0x414, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0268.028] RegSetValueExW (in: hKey=0x414, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0268.028] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0268.028] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0268.028] GetLastError () returned 0x514 [0268.028] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0269.036] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0269.036] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0269.037] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0269.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0269.037] GetLastError () returned 0x514 [0269.037] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x41c) returned 0x0 [0269.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0269.037] GetLastError () returned 0x514 [0269.037] RegQueryValueExW (in: hKey=0x41c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0269.037] RegSetValueExW (in: hKey=0x41c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0269.038] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0269.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0269.038] GetLastError () returned 0x514 [0269.038] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0270.048] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0270.048] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0270.049] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0270.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0270.049] GetLastError () returned 0x514 [0270.049] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x418) returned 0x0 [0270.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0270.049] GetLastError () returned 0x514 [0270.049] RegQueryValueExW (in: hKey=0x418, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0270.049] RegSetValueExW (in: hKey=0x418, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0270.049] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0270.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0270.049] GetLastError () returned 0x514 [0270.050] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0271.070] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0271.070] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0271.071] GetForegroundWindow () returned 0x100e0 [0271.071] GetLastError () returned 0x514 [0271.071] GetWindowTextLengthA (hWnd=0x100e0) returned 10 [0271.071] GetLastError () returned 0x514 [0271.071] GetWindowTextA (in: hWnd=0x100e0, lpString=0x1aebb0, nMaxCount=11 | out: lpString="FolderView") returned 10 [0271.071] GetLastError () returned 0x514 [0271.072] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0271.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0271.072] GetLastError () returned 0x514 [0271.072] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x420) returned 0x0 [0271.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0271.072] GetLastError () returned 0x514 [0271.072] RegQueryValueExW (in: hKey=0x420, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0271.073] RegSetValueExW (in: hKey=0x420, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0271.073] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0271.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0271.073] GetLastError () returned 0x514 [0271.073] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0272.079] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0272.080] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0272.080] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0272.080] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0272.080] GetLastError () returned 0x514 [0272.080] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x424) returned 0x0 [0272.080] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0272.080] GetLastError () returned 0x514 [0272.080] RegQueryValueExW (in: hKey=0x424, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0272.080] RegSetValueExW (in: hKey=0x424, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0272.081] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0272.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0272.081] GetLastError () returned 0x514 [0272.081] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0273.100] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0273.100] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0273.100] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0273.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0273.101] GetLastError () returned 0x514 [0273.101] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x428) returned 0x0 [0273.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0273.101] GetLastError () returned 0x514 [0273.101] RegQueryValueExW (in: hKey=0x428, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0273.101] RegSetValueExW (in: hKey=0x428, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0273.101] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0273.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0273.102] GetLastError () returned 0x514 [0273.102] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0274.112] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0274.113] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0274.113] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0274.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0274.113] GetLastError () returned 0x514 [0274.113] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x42c) returned 0x0 [0274.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0274.114] GetLastError () returned 0x514 [0274.114] RegQueryValueExW (in: hKey=0x42c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0274.114] RegSetValueExW (in: hKey=0x42c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0274.114] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0274.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0274.114] GetLastError () returned 0x514 [0274.115] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0275.125] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0275.125] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0275.126] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0275.126] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0275.126] GetLastError () returned 0x514 [0275.126] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x430) returned 0x0 [0275.126] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0275.126] GetLastError () returned 0x514 [0275.126] RegQueryValueExW (in: hKey=0x430, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0275.126] RegSetValueExW (in: hKey=0x430, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0275.127] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0275.127] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0275.127] GetLastError () returned 0x514 [0275.127] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0276.151] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0276.151] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0276.151] GetCurrentProcessId () returned 0xb38 [0276.151] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x434 [0276.152] GetLastError () returned 0x514 [0276.152] GetExitCodeProcess (in: hProcess=0x434, lpExitCode=0x260aaa4 | out: lpExitCode=0x260aaa4*=0x103) returned 1 [0276.152] GetLastError () returned 0x514 [0276.152] GetProcessWorkingSetSize (in: hProcess=0x434, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0276.152] GetLastError () returned 0x514 [0276.152] SetProcessWorkingSetSize (hProcess=0x434, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0276.163] GetLastError () returned 0x514 [0276.163] GetProcessWorkingSetSize (in: hProcess=0x434, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0276.163] GetLastError () returned 0x514 [0276.164] CloseHandle (hObject=0x434) returned 1 [0276.164] GetLastError () returned 0x514 [0276.165] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0276.165] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0276.165] GetLastError () returned 0x514 [0276.166] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x434) returned 0x0 [0276.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0276.167] GetLastError () returned 0x514 [0276.167] RegQueryValueExW (in: hKey=0x434, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0276.167] RegSetValueExW (in: hKey=0x434, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0276.167] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0276.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0276.167] GetLastError () returned 0x514 [0276.168] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0277.177] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0277.178] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0277.178] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0277.178] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0277.178] GetLastError () returned 0x514 [0277.178] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x43c) returned 0x0 [0277.178] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0277.178] GetLastError () returned 0x514 [0277.178] RegQueryValueExW (in: hKey=0x43c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0277.179] RegSetValueExW (in: hKey=0x43c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0277.179] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0277.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0277.179] GetLastError () returned 0x514 [0277.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0278.207] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0278.207] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0278.208] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0278.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0278.208] GetLastError () returned 0x514 [0278.208] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x438) returned 0x0 [0278.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0278.208] GetLastError () returned 0x514 [0278.208] RegQueryValueExW (in: hKey=0x438, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0278.208] RegSetValueExW (in: hKey=0x438, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0278.208] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0278.209] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0278.209] GetLastError () returned 0x514 [0278.209] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0279.229] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0279.229] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0279.229] GetForegroundWindow () returned 0x10088 [0279.229] GetLastError () returned 0x514 [0279.229] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0279.229] GetLastError () returned 0x514 [0279.230] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0279.230] GetLastError () returned 0x514 [0279.230] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0279.230] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0279.230] GetLastError () returned 0x514 [0279.230] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x440) returned 0x0 [0279.230] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0279.231] GetLastError () returned 0x514 [0279.231] RegQueryValueExW (in: hKey=0x440, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0279.231] RegSetValueExW (in: hKey=0x440, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0279.231] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0279.231] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0279.231] GetLastError () returned 0x514 [0279.231] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0280.241] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0280.241] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0280.242] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0280.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0280.242] GetLastError () returned 0x514 [0280.242] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x444) returned 0x0 [0280.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0280.242] GetLastError () returned 0x514 [0280.243] RegQueryValueExW (in: hKey=0x444, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0280.243] RegSetValueExW (in: hKey=0x444, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0280.243] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0280.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0280.243] GetLastError () returned 0x514 [0280.243] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0281.267] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0281.267] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0281.267] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0281.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0281.267] GetLastError () returned 0x514 [0281.267] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x448) returned 0x0 [0281.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0281.268] GetLastError () returned 0x514 [0281.268] RegQueryValueExW (in: hKey=0x448, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0281.268] RegSetValueExW (in: hKey=0x448, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0281.268] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0281.268] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0281.268] GetLastError () returned 0x514 [0281.268] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0282.273] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0282.273] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0282.273] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0282.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0282.274] GetLastError () returned 0x514 [0282.274] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x44c) returned 0x0 [0282.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0282.274] GetLastError () returned 0x514 [0282.274] RegQueryValueExW (in: hKey=0x44c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0282.274] RegSetValueExW (in: hKey=0x44c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0282.274] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0282.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0282.274] GetLastError () returned 0x514 [0282.275] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0283.293] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0283.293] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0283.294] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0283.294] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0283.294] GetLastError () returned 0x514 [0283.294] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x454) returned 0x0 [0283.294] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0283.294] GetLastError () returned 0x514 [0283.294] RegQueryValueExW (in: hKey=0x454, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0283.294] RegSetValueExW (in: hKey=0x454, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0283.294] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0283.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0283.295] GetLastError () returned 0x514 [0283.295] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0284.304] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0284.305] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0284.305] GetCurrentProcessId () returned 0xb38 [0284.306] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x458 [0284.306] GetLastError () returned 0x514 [0284.306] GetExitCodeProcess (in: hProcess=0x458, lpExitCode=0x2618d18 | out: lpExitCode=0x2618d18*=0x103) returned 1 [0284.306] GetLastError () returned 0x514 [0284.306] GetProcessWorkingSetSize (in: hProcess=0x458, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0284.307] GetLastError () returned 0x514 [0284.307] SetProcessWorkingSetSize (hProcess=0x458, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0284.328] GetLastError () returned 0x514 [0284.329] GetProcessWorkingSetSize (in: hProcess=0x458, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0284.329] GetLastError () returned 0x514 [0284.330] CloseHandle (hObject=0x458) returned 1 [0284.330] GetLastError () returned 0x514 [0284.332] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0284.332] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0284.332] GetLastError () returned 0x514 [0284.333] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x458) returned 0x0 [0284.335] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0284.335] GetLastError () returned 0x514 [0284.336] RegQueryValueExW (in: hKey=0x458, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0284.336] RegSetValueExW (in: hKey=0x458, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0284.336] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0284.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0284.336] GetLastError () returned 0x514 [0284.337] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0285.382] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0285.382] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0285.383] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0285.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0285.383] GetLastError () returned 0x514 [0285.383] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x460) returned 0x0 [0285.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0285.384] GetLastError () returned 0x514 [0285.384] RegQueryValueExW (in: hKey=0x460, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0285.384] RegSetValueExW (in: hKey=0x460, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0285.384] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0285.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0285.384] GetLastError () returned 0x514 [0285.384] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0286.413] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0286.414] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0286.414] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0286.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0286.414] GetLastError () returned 0x514 [0286.414] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x45c) returned 0x0 [0286.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0286.414] GetLastError () returned 0x514 [0286.414] RegQueryValueExW (in: hKey=0x45c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0286.415] RegSetValueExW (in: hKey=0x45c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0286.415] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0286.415] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0286.415] GetLastError () returned 0x514 [0286.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0287.427] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0287.428] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0287.428] GetForegroundWindow () returned 0x10088 [0287.428] GetLastError () returned 0x514 [0287.428] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0287.429] GetLastError () returned 0x514 [0287.429] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0287.429] GetLastError () returned 0x514 [0287.430] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0287.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0287.430] GetLastError () returned 0x514 [0287.430] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x464) returned 0x0 [0287.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0287.430] GetLastError () returned 0x514 [0287.430] RegQueryValueExW (in: hKey=0x464, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0287.431] RegSetValueExW (in: hKey=0x464, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0287.431] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0287.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0287.431] GetLastError () returned 0x514 [0287.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0288.452] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0288.452] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0288.453] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0288.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0288.453] GetLastError () returned 0x514 [0288.453] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x468) returned 0x0 [0288.454] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0288.454] GetLastError () returned 0x514 [0288.454] RegQueryValueExW (in: hKey=0x468, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0288.454] RegSetValueExW (in: hKey=0x468, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0288.454] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0288.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0288.455] GetLastError () returned 0x514 [0288.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0289.481] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0289.481] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0289.482] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0289.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0289.482] GetLastError () returned 0x514 [0289.482] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x46c) returned 0x0 [0289.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0289.482] GetLastError () returned 0x514 [0289.482] RegQueryValueExW (in: hKey=0x46c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0289.483] RegSetValueExW (in: hKey=0x46c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0289.483] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0289.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0289.483] GetLastError () returned 0x514 [0289.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0290.495] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0290.495] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0290.495] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0290.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0290.495] GetLastError () returned 0x514 [0290.495] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x470) returned 0x0 [0290.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0290.496] GetLastError () returned 0x514 [0290.496] RegQueryValueExW (in: hKey=0x470, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0290.496] RegSetValueExW (in: hKey=0x470, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0290.496] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0290.496] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0290.496] GetLastError () returned 0x514 [0290.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0291.509] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0291.509] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0291.510] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0291.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0291.510] GetLastError () returned 0x514 [0291.510] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x474) returned 0x0 [0291.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0291.510] GetLastError () returned 0x514 [0291.510] RegQueryValueExW (in: hKey=0x474, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0291.510] RegSetValueExW (in: hKey=0x474, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0291.511] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0291.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0291.511] GetLastError () returned 0x514 [0291.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0292.530] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0292.530] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0292.531] GetCurrentProcessId () returned 0xb38 [0292.531] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x478 [0292.531] GetLastError () returned 0x514 [0292.532] GetExitCodeProcess (in: hProcess=0x478, lpExitCode=0x26261e4 | out: lpExitCode=0x26261e4*=0x103) returned 1 [0292.532] GetLastError () returned 0x514 [0292.532] GetProcessWorkingSetSize (in: hProcess=0x478, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0292.532] GetLastError () returned 0x514 [0292.532] SetProcessWorkingSetSize (hProcess=0x478, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0292.548] GetLastError () returned 0x514 [0292.549] GetProcessWorkingSetSize (in: hProcess=0x478, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0292.549] GetLastError () returned 0x514 [0292.550] CloseHandle (hObject=0x478) returned 1 [0292.550] GetLastError () returned 0x514 [0292.551] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0292.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0292.551] GetLastError () returned 0x514 [0292.551] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x478) returned 0x0 [0292.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0292.552] GetLastError () returned 0x514 [0292.552] RegQueryValueExW (in: hKey=0x478, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0292.553] RegSetValueExW (in: hKey=0x478, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0292.553] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0292.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0292.553] GetLastError () returned 0x514 [0292.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0293.577] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0293.577] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0293.578] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0293.578] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0293.578] GetLastError () returned 0x514 [0293.578] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x350) returned 0x0 [0293.578] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0293.578] GetLastError () returned 0x514 [0293.578] RegQueryValueExW (in: hKey=0x350, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0293.579] RegSetValueExW (in: hKey=0x350, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0293.579] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0293.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0293.579] GetLastError () returned 0x514 [0293.579] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0294.587] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0294.587] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0294.587] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0294.587] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0294.587] GetLastError () returned 0x514 [0294.587] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x484) returned 0x0 [0294.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0294.588] GetLastError () returned 0x514 [0294.588] RegQueryValueExW (in: hKey=0x484, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0294.588] RegSetValueExW (in: hKey=0x484, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0294.588] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0294.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0294.588] GetLastError () returned 0x514 [0294.588] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0295.611] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0295.611] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0295.612] GetForegroundWindow () returned 0x10088 [0295.612] GetLastError () returned 0x514 [0295.612] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0295.612] GetLastError () returned 0x514 [0295.613] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0295.613] GetLastError () returned 0x514 [0295.613] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0295.613] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0295.613] GetLastError () returned 0x514 [0295.614] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x488) returned 0x0 [0295.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0295.614] GetLastError () returned 0x514 [0295.614] RegQueryValueExW (in: hKey=0x488, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0295.614] RegSetValueExW (in: hKey=0x488, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0295.614] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0295.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0295.614] GetLastError () returned 0x514 [0295.615] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0296.623] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0296.624] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0296.624] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0296.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0296.624] GetLastError () returned 0x514 [0296.624] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x48c) returned 0x0 [0296.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0296.624] GetLastError () returned 0x514 [0296.624] RegQueryValueExW (in: hKey=0x48c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0296.624] RegSetValueExW (in: hKey=0x48c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0296.625] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0296.625] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0296.625] GetLastError () returned 0x514 [0296.625] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0297.717] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0297.717] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0297.718] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0297.718] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0297.718] GetLastError () returned 0x514 [0297.718] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x490) returned 0x0 [0297.718] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0297.718] GetLastError () returned 0x514 [0297.718] RegQueryValueExW (in: hKey=0x490, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0297.718] RegSetValueExW (in: hKey=0x490, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0297.718] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0297.718] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0297.718] GetLastError () returned 0x514 [0297.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0298.791] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0298.791] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0298.791] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0298.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0298.792] GetLastError () returned 0x514 [0298.792] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x494) returned 0x0 [0298.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0298.792] GetLastError () returned 0x514 [0298.792] RegQueryValueExW (in: hKey=0x494, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0298.792] RegSetValueExW (in: hKey=0x494, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0298.792] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0298.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0298.792] GetLastError () returned 0x514 [0298.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0299.803] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0299.803] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0299.803] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0299.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0299.804] GetLastError () returned 0x514 [0299.804] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x498) returned 0x0 [0299.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0299.805] GetLastError () returned 0x514 [0299.805] RegQueryValueExW (in: hKey=0x498, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0299.805] RegSetValueExW (in: hKey=0x498, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0299.805] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0299.805] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0299.805] GetLastError () returned 0x514 [0299.805] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0300.861] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0300.861] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0300.862] GetCurrentProcessId () returned 0xb38 [0300.862] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x49c [0300.862] GetLastError () returned 0x514 [0300.862] GetExitCodeProcess (in: hProcess=0x49c, lpExitCode=0x26336b0 | out: lpExitCode=0x26336b0*=0x103) returned 1 [0300.862] GetLastError () returned 0x514 [0300.862] GetProcessWorkingSetSize (in: hProcess=0x49c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0300.862] GetLastError () returned 0x514 [0300.862] SetProcessWorkingSetSize (hProcess=0x49c, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0300.876] GetLastError () returned 0x514 [0300.877] GetProcessWorkingSetSize (in: hProcess=0x49c, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0300.877] GetLastError () returned 0x514 [0300.878] CloseHandle (hObject=0x49c) returned 1 [0300.878] GetLastError () returned 0x514 [0300.879] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0300.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0300.879] GetLastError () returned 0x514 [0300.880] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x49c) returned 0x0 [0300.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0300.881] GetLastError () returned 0x514 [0300.881] RegQueryValueExW (in: hKey=0x49c, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0300.881] RegSetValueExW (in: hKey=0x49c, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0300.881] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0300.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0300.882] GetLastError () returned 0x514 [0300.882] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0301.918] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0301.918] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0301.919] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0301.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0301.919] GetLastError () returned 0x514 [0301.920] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4a4) returned 0x0 [0301.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0301.920] GetLastError () returned 0x514 [0301.920] RegQueryValueExW (in: hKey=0x4a4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0301.920] RegSetValueExW (in: hKey=0x4a4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0301.920] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0301.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0301.920] GetLastError () returned 0x514 [0301.920] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0302.932] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0302.932] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0302.933] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0302.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0302.933] GetLastError () returned 0x514 [0302.933] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4a0) returned 0x0 [0302.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0302.933] GetLastError () returned 0x514 [0302.933] RegQueryValueExW (in: hKey=0x4a0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0302.933] RegSetValueExW (in: hKey=0x4a0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0302.933] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0302.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0302.934] GetLastError () returned 0x514 [0302.934] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0303.955] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0303.956] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0303.956] GetForegroundWindow () returned 0x10088 [0303.956] GetLastError () returned 0x514 [0303.956] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0303.956] GetLastError () returned 0x514 [0303.957] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0303.957] GetLastError () returned 0x514 [0303.957] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0303.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0303.957] GetLastError () returned 0x514 [0303.957] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4a8) returned 0x0 [0303.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0303.958] GetLastError () returned 0x514 [0303.958] RegQueryValueExW (in: hKey=0x4a8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0303.958] RegSetValueExW (in: hKey=0x4a8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0303.958] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0303.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0303.958] GetLastError () returned 0x514 [0303.958] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0304.978] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0304.978] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0304.978] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0304.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0304.978] GetLastError () returned 0x514 [0304.979] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4b0) returned 0x0 [0304.979] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0304.979] GetLastError () returned 0x514 [0304.979] RegQueryValueExW (in: hKey=0x4b0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0304.979] RegSetValueExW (in: hKey=0x4b0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0304.979] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0304.979] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0304.979] GetLastError () returned 0x514 [0304.980] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0305.984] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0305.985] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0305.985] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0305.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0305.985] GetLastError () returned 0x514 [0305.985] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4b4) returned 0x0 [0305.986] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0305.986] GetLastError () returned 0x514 [0305.986] RegQueryValueExW (in: hKey=0x4b4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0305.986] RegSetValueExW (in: hKey=0x4b4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0305.986] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0305.986] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0305.987] GetLastError () returned 0x514 [0305.987] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0307.009] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0307.009] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0307.009] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0307.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0307.009] GetLastError () returned 0x514 [0307.009] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4b8) returned 0x0 [0307.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0307.010] GetLastError () returned 0x514 [0307.010] RegQueryValueExW (in: hKey=0x4b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0307.010] RegSetValueExW (in: hKey=0x4b8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0307.010] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0307.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0307.010] GetLastError () returned 0x514 [0307.010] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0308.020] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0308.020] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0308.020] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0308.020] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0308.020] GetLastError () returned 0x514 [0308.021] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4bc) returned 0x0 [0308.021] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0308.021] GetLastError () returned 0x514 [0308.021] RegQueryValueExW (in: hKey=0x4bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0308.021] RegSetValueExW (in: hKey=0x4bc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0308.021] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0308.021] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0308.021] GetLastError () returned 0x514 [0308.021] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0309.043] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0309.044] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0309.045] GetCurrentProcessId () returned 0xb38 [0309.045] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x4c0 [0309.045] GetLastError () returned 0x514 [0309.046] GetExitCodeProcess (in: hProcess=0x4c0, lpExitCode=0x2641924 | out: lpExitCode=0x2641924*=0x103) returned 1 [0309.046] GetLastError () returned 0x514 [0309.046] GetProcessWorkingSetSize (in: hProcess=0x4c0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0309.046] GetLastError () returned 0x514 [0309.046] SetProcessWorkingSetSize (hProcess=0x4c0, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0309.067] GetLastError () returned 0x514 [0309.068] GetProcessWorkingSetSize (in: hProcess=0x4c0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0309.069] GetLastError () returned 0x514 [0309.070] CloseHandle (hObject=0x4c0) returned 1 [0309.070] GetLastError () returned 0x514 [0309.073] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0309.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0309.074] GetLastError () returned 0x514 [0309.076] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4c0) returned 0x0 [0309.078] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0309.078] GetLastError () returned 0x514 [0309.079] RegQueryValueExW (in: hKey=0x4c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0309.080] RegSetValueExW (in: hKey=0x4c0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0309.080] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0309.080] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0309.080] GetLastError () returned 0x514 [0309.080] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0310.153] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0310.154] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0310.154] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0310.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0310.155] GetLastError () returned 0x514 [0310.155] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4c8) returned 0x0 [0310.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0310.155] GetLastError () returned 0x514 [0310.155] RegQueryValueExW (in: hKey=0x4c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0310.156] RegSetValueExW (in: hKey=0x4c8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0310.156] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0310.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0310.156] GetLastError () returned 0x514 [0310.156] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0311.191] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0311.192] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0311.192] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0311.192] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0311.192] GetLastError () returned 0x514 [0311.192] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4c4) returned 0x0 [0311.192] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0311.192] GetLastError () returned 0x514 [0311.192] RegQueryValueExW (in: hKey=0x4c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0311.193] RegSetValueExW (in: hKey=0x4c4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0311.193] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0311.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0311.193] GetLastError () returned 0x514 [0311.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0312.206] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0312.206] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0312.207] GetForegroundWindow () returned 0x100e0 [0312.207] GetLastError () returned 0x514 [0312.207] GetWindowTextLengthA (hWnd=0x100e0) returned 10 [0312.207] GetLastError () returned 0x514 [0312.208] GetWindowTextA (in: hWnd=0x100e0, lpString=0x1aebb0, nMaxCount=11 | out: lpString="FolderView") returned 10 [0312.208] GetLastError () returned 0x514 [0312.209] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0312.209] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0312.209] GetLastError () returned 0x514 [0312.209] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4cc) returned 0x0 [0312.209] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0312.209] GetLastError () returned 0x514 [0312.209] RegQueryValueExW (in: hKey=0x4cc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0312.209] RegSetValueExW (in: hKey=0x4cc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0312.210] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0312.210] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0312.210] GetLastError () returned 0x514 [0312.210] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0313.251] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0313.251] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0313.251] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0313.252] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0313.252] GetLastError () returned 0x514 [0313.252] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4d0) returned 0x0 [0313.252] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0313.252] GetLastError () returned 0x514 [0313.252] RegQueryValueExW (in: hKey=0x4d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0313.252] RegSetValueExW (in: hKey=0x4d0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0313.253] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0313.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0313.253] GetLastError () returned 0x514 [0313.253] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0314.272] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0314.272] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0314.272] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0314.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0314.273] GetLastError () returned 0x514 [0314.273] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4d4) returned 0x0 [0314.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0314.273] GetLastError () returned 0x514 [0314.273] RegQueryValueExW (in: hKey=0x4d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0314.273] RegSetValueExW (in: hKey=0x4d4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0314.274] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0314.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0314.274] GetLastError () returned 0x514 [0314.274] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0315.297] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0315.297] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0315.298] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0315.298] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0315.298] GetLastError () returned 0x514 [0315.298] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4d8) returned 0x0 [0315.298] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0315.299] GetLastError () returned 0x514 [0315.299] RegQueryValueExW (in: hKey=0x4d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0315.299] RegSetValueExW (in: hKey=0x4d8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0315.299] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0315.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0315.299] GetLastError () returned 0x514 [0315.299] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0316.317] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0316.317] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0316.317] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0316.317] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0316.317] GetLastError () returned 0x514 [0316.318] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4dc) returned 0x0 [0316.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0316.318] GetLastError () returned 0x514 [0316.318] RegQueryValueExW (in: hKey=0x4dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0316.318] RegSetValueExW (in: hKey=0x4dc, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0316.318] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0316.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0316.318] GetLastError () returned 0x514 [0316.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0317.349] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0317.350] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0317.350] GetCurrentProcessId () returned 0xb38 [0317.351] OpenProcess (dwDesiredAccess=0x500, bInheritHandle=0, dwProcessId=0xb38) returned 0x4e0 [0317.351] GetLastError () returned 0x514 [0317.351] GetExitCodeProcess (in: hProcess=0x4e0, lpExitCode=0x264ee88 | out: lpExitCode=0x264ee88*=0x103) returned 1 [0317.351] GetLastError () returned 0x514 [0317.352] GetProcessWorkingSetSize (in: hProcess=0x4e0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0317.352] GetLastError () returned 0x514 [0317.352] SetProcessWorkingSetSize (hProcess=0x4e0, dwMinimumWorkingSetSize=0x400, dwMaximumWorkingSetSize=0x159000) returned 1 [0317.366] GetLastError () returned 0x514 [0317.367] GetProcessWorkingSetSize (in: hProcess=0x4e0, lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c | out: lpMinimumWorkingSetSize=0x1aee30, lpMaximumWorkingSetSize=0x1aee2c) returned 1 [0317.367] GetLastError () returned 0x514 [0317.368] CloseHandle (hObject=0x4e0) returned 1 [0317.368] GetLastError () returned 0x514 [0317.369] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0317.370] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0317.370] GetLastError () returned 0x514 [0317.371] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4e0) returned 0x0 [0317.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0317.372] GetLastError () returned 0x514 [0317.373] RegQueryValueExW (in: hKey=0x4e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0317.373] RegSetValueExW (in: hKey=0x4e0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0317.374] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0317.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0317.374] GetLastError () returned 0x514 [0317.374] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0318.403] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0318.403] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0318.403] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0318.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0318.403] GetLastError () returned 0x514 [0318.404] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4e8) returned 0x0 [0318.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0318.404] GetLastError () returned 0x514 [0318.404] RegQueryValueExW (in: hKey=0x4e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0318.404] RegSetValueExW (in: hKey=0x4e8, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0318.404] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0318.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0318.404] GetLastError () returned 0x514 [0318.405] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0319.411] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0319.412] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0319.412] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0319.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0319.412] GetLastError () returned 0x514 [0319.412] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4e4) returned 0x0 [0319.413] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0319.413] GetLastError () returned 0x514 [0319.413] RegQueryValueExW (in: hKey=0x4e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0319.413] RegSetValueExW (in: hKey=0x4e4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0319.413] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0319.413] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0319.413] GetLastError () returned 0x514 [0319.413] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0320.456] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0320.456] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0320.456] GetForegroundWindow () returned 0x10088 [0320.456] GetLastError () returned 0x514 [0320.456] GetWindowTextLengthA (hWnd=0x10088) returned 0 [0320.457] GetLastError () returned 0x514 [0320.457] GetWindowTextA (in: hWnd=0x10088, lpString=0x1aebb0, nMaxCount=1 | out: lpString="") returned 0 [0320.457] GetLastError () returned 0x514 [0320.457] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0320.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0320.457] GetLastError () returned 0x514 [0320.458] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4ec) returned 0x0 [0320.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0320.458] GetLastError () returned 0x514 [0320.458] RegQueryValueExW (in: hKey=0x4ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0320.458] RegSetValueExW (in: hKey=0x4ec, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0320.458] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0320.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0320.458] GetLastError () returned 0x514 [0320.459] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0321.482] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0321.482] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0321.483] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0321.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0321.483] GetLastError () returned 0x514 [0321.483] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4f0) returned 0x0 [0321.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0321.483] GetLastError () returned 0x514 [0321.483] RegQueryValueExW (in: hKey=0x4f0, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0321.483] RegSetValueExW (in: hKey=0x4f0, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0321.483] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0321.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0321.484] GetLastError () returned 0x514 [0321.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 [0322.493] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1aedc4 | out: lplpMessageFilter=0x1aedc4*=0x0) returned 0x0 [0322.494] PeekMessageW (in: lpMsg=0x1aed9c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1aed9c) returned 0 [0322.494] RegQueryValueExW (in: hKey=0x80000001, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0322.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0322.494] GetLastError () returned 0x514 [0322.495] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x4f4) returned 0x0 [0322.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0322.495] GetLastError () returned 0x514 [0322.496] RegQueryValueExW (in: hKey=0x4f4, lpValueName="7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aedf8, lpData=0x0, lpcbData=0x1aedf4*=0x0 | out: lpType=0x1aedf8*=0x1, lpData=0x0, lpcbData=0x1aedf4*=0x72) returned 0x0 [0322.497] RegSetValueExW (in: hKey=0x4f4, lpValueName="7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..", cbData=0x72 | out: lpData="\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" ..") returned 0x0 [0322.497] RegQueryValueExW (in: hKey=0x80000002, lpValueName="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\7657c14284185fbd3fb108b43c7467ba", lpReserved=0x0, lpType=0x1aee34, lpData=0x0, lpcbData=0x1aee30*=0x0 | out: lpType=0x1aee34*=0x0, lpData=0x0, lpcbData=0x1aee30*=0x0) returned 0x2 [0322.497] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x1ae930, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0322.497] GetLastError () returned 0x514 [0322.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x1aedf8 | out: phkResult=0x1aedf8*=0x0) returned 0x5 Thread: id = 27 os_tid = 0xb50 Thread: id = 28 os_tid = 0xb60 Thread: id = 29 os_tid = 0xb74 [0210.994] CoGetContextToken (in: pToken=0x466f698 | out: pToken=0x466f698) returned 0x800401f0 [0210.994] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 46 os_tid = 0xa48 [0224.208] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0226.813] CreateFileMappingW (hFile=0x2bc, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2c0 [0228.889] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x520e974, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0228.889] GetLastError () returned 0x0 [0228.889] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x520e928, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0228.889] GetLastError () returned 0x0 [0228.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x520e92c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0228.892] GetLastError () returned 0x0 [0229.403] CreateFileMappingW (hFile=0x2d4, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x2d8 [0230.331] GetVersionExW (in: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0230.331] GetLastError () returned 0x0 [0230.333] GetCurrentProcess () returned 0xffffffff [0230.333] GetLastError () returned 0x3f0 [0230.335] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ea3c | out: TokenHandle=0x520ea3c*=0x2e0) returned 1 [0230.335] GetLastError () returned 0x3f0 [0230.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x520e5d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\", lpFilePart=0x0) returned 0x2e [0230.354] GetLastError () returned 0x0 [0230.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x520ea80 | out: lpFileInformation=0x520ea80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0230.473] GetLastError () returned 0x0 [0230.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x520e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0230.556] GetLastError () returned 0x0 [0230.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x520ea78 | out: lpFileInformation=0x520ea78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf4e31bc, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xdd8a827a, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe8659c4d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0230.582] GetLastError () returned 0x0 [0230.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x520e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0230.584] GetLastError () returned 0x0 [0230.584] SetErrorMode (uMode=0x1) returned 0x0 [0230.593] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2e8 [0230.594] GetLastError () returned 0x0 [0230.595] GetFileType (hFile=0x2e8) returned 0x1 [0230.595] SetErrorMode (uMode=0x0) returned 0x1 [0230.595] GetFileType (hFile=0x2e8) returned 0x1 [0230.862] GetFileSize (in: hFile=0x2e8, lpFileSizeHigh=0x520ea5c | out: lpFileSizeHigh=0x520ea5c*=0x0) returned 0x65b3 [0230.862] GetLastError () returned 0x0 [0230.864] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520ea14, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520ea14*=0x1000, lpOverlapped=0x0) returned 1 [0230.865] GetLastError () returned 0x0 [0232.208] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e630, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e630*=0x1000, lpOverlapped=0x0) returned 1 [0232.209] GetLastError () returned 0x0 [0232.213] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e474, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e474*=0x1000, lpOverlapped=0x0) returned 1 [0232.213] GetLastError () returned 0x0 [0232.214] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e474, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e474*=0x1000, lpOverlapped=0x0) returned 1 [0232.214] GetLastError () returned 0x0 [0232.215] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e474, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e474*=0x1000, lpOverlapped=0x0) returned 1 [0232.215] GetLastError () returned 0x0 [0232.360] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e5a4, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e5a4*=0x1000, lpOverlapped=0x0) returned 1 [0232.361] GetLastError () returned 0x0 [0232.361] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e35c, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e35c*=0x5b3, lpOverlapped=0x0) returned 1 [0232.367] GetLastError () returned 0x0 [0232.367] ReadFile (in: hFile=0x2e8, lpBuffer=0x2596388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x520e4f8, lpOverlapped=0x0 | out: lpBuffer=0x2596388*, lpNumberOfBytesRead=0x520e4f8*=0x0, lpOverlapped=0x0) returned 1 [0232.367] GetLastError () returned 0x0 [0232.371] CloseHandle (hObject=0x2e8) returned 1 [0232.371] GetLastError () returned 0x0 [0232.382] GetCurrentProcess () returned 0xffffffff [0232.382] GetLastError () returned 0x3f0 [0232.382] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ed50 | out: TokenHandle=0x520ed50*=0x2e8) returned 1 [0232.382] GetLastError () returned 0x3f0 [0232.387] GetCurrentProcess () returned 0xffffffff [0232.387] GetLastError () returned 0x3f0 [0232.387] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ed50 | out: TokenHandle=0x520ed50*=0x2f0) returned 1 [0232.387] GetLastError () returned 0x3f0 [0232.391] GetCurrentProcess () returned 0xffffffff [0232.391] GetLastError () returned 0x3f0 [0232.391] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ea3c | out: TokenHandle=0x520ea3c*=0x2f4) returned 1 [0232.391] GetLastError () returned 0x3f0 [0232.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.config"), fInfoLevelId=0x0, lpFileInformation=0x520ea80 | out: lpFileInformation=0x520ea80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.392] GetLastError () returned 0x2 [0232.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", nBufferLength=0x105, lpBuffer=0x520e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config", lpFilePart=0x0) returned 0x36 [0232.393] GetLastError () returned 0x2 [0232.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.config"), fInfoLevelId=0x0, lpFileInformation=0x520ea78 | out: lpFileInformation=0x520ea78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0232.393] GetLastError () returned 0x2 [0232.394] GetCurrentProcess () returned 0xffffffff [0232.394] GetLastError () returned 0x3f0 [0232.394] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ed50 | out: TokenHandle=0x520ed50*=0x2f8) returned 1 [0232.394] GetLastError () returned 0x3f0 [0232.403] GetCurrentProcess () returned 0xffffffff [0232.403] GetLastError () returned 0x3f0 [0232.403] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520ed50 | out: TokenHandle=0x520ed50*=0x2fc) returned 1 [0232.403] GetLastError () returned 0x3f0 [0232.588] GetCurrentProcess () returned 0xffffffff [0232.588] GetLastError () returned 0x3f0 [0232.588] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520eb34 | out: TokenHandle=0x520eb34*=0x300) returned 1 [0232.589] GetLastError () returned 0x3f0 [0232.918] GetCurrentProcess () returned 0xffffffff [0232.918] GetLastError () returned 0x3f0 [0232.918] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520eb44 | out: TokenHandle=0x520eb44*=0x304) returned 1 [0232.919] GetLastError () returned 0x3f0 [0233.021] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x761668 | out: lpWSAData=0x761668) returned 0 [0233.027] GetLastError () returned 0x0 [0233.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x520e72c | out: phkResult=0x520e72c*=0x328) returned 0x0 [0233.041] RegQueryValueExW (in: hKey=0x328, lpValueName="InstallationType", lpReserved=0x0, lpType=0x520e774, lpData=0x0, lpcbData=0x520e770*=0x0 | out: lpType=0x520e774*=0x1, lpData=0x0, lpcbData=0x520e770*=0xe) returned 0x0 [0233.043] RegQueryValueExW (in: hKey=0x328, lpValueName="InstallationType", lpReserved=0x0, lpType=0x520e774, lpData=0x761668, lpcbData=0x520e770*=0xe | out: lpType=0x520e774*=0x1, lpData="Client", lpcbData=0x520e770*=0xe) returned 0x0 [0233.044] RegCloseKey (hKey=0x328) returned 0x0 [0233.057] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x32c [0233.081] GetLastError () returned 0x0 [0233.082] setsockopt (s=0x32c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0233.082] GetLastError () returned 0x273a [0233.082] closesocket (s=0x32c) returned 0 [0233.082] GetLastError () returned 0x0 [0233.082] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x32c [0233.084] GetLastError () returned 0x0 [0233.084] setsockopt (s=0x32c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0233.084] GetLastError () returned 0x273a [0233.084] closesocket (s=0x32c) returned 0 [0233.085] GetLastError () returned 0x0 [0233.093] GetCurrentProcess () returned 0xffffffff [0233.093] GetLastError () returned 0x3f0 [0233.093] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520eb4c | out: TokenHandle=0x520eb4c*=0x32c) returned 1 [0233.093] GetLastError () returned 0x3f0 [0233.109] GetCurrentProcess () returned 0xffffffff [0233.109] GetLastError () returned 0x3f0 [0233.109] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x520eb5c | out: TokenHandle=0x520eb5c*=0x330) returned 1 [0233.109] GetLastError () returned 0x3f0 [0233.216] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x520e954, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0233.216] GetLastError () returned 0x3f0 [0233.221] GetCurrentProcessId () returned 0xb38 [0233.226] GetComputerNameW (in: lpBuffer=0x761668, nSize=0x25bc870 | out: lpBuffer="XC64ZB", nSize=0x25bc870) returned 1 [0233.228] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x520edb8 | out: phkResult=0x520edb8*=0x334) returned 0x0 [0233.230] RegQueryValueExW (in: hKey=0x334, lpValueName="Library", lpReserved=0x0, lpType=0x520edf4, lpData=0x0, lpcbData=0x520edf0*=0x0 | out: lpType=0x520edf4*=0x2, lpData=0x0, lpcbData=0x520edf0*=0x48) returned 0x0 [0233.230] RegQueryValueExW (in: hKey=0x334, lpValueName="Library", lpReserved=0x0, lpType=0x520edf4, lpData=0x761668, lpcbData=0x520edf0*=0x48 | out: lpType=0x520edf4*=0x2, lpData="%systemroot%\\system32\\netfxperf.dll", lpcbData=0x520edf0*=0x48) returned 0x0 [0233.230] RegQueryValueExW (in: hKey=0x334, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x520ee00, lpData=0x0, lpcbData=0x520edfc*=0x0 | out: lpType=0x520ee00*=0x4, lpData=0x0, lpcbData=0x520edfc*=0x4) returned 0x0 [0233.232] RegQueryValueExW (in: hKey=0x334, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x520ee00, lpData=0x520edec, lpcbData=0x520edfc*=0x4 | out: lpType=0x520ee00*=0x4, lpData=0x520edec*=0x1, lpcbData=0x520edfc*=0x4) returned 0x0 [0233.232] RegQueryValueExW (in: hKey=0x334, lpValueName="First Counter", lpReserved=0x0, lpType=0x520ee00, lpData=0x0, lpcbData=0x520edfc*=0x0 | out: lpType=0x520ee00*=0x4, lpData=0x0, lpcbData=0x520edfc*=0x4) returned 0x0 [0233.232] RegQueryValueExW (in: hKey=0x334, lpValueName="First Counter", lpReserved=0x0, lpType=0x520ee00, lpData=0x520edec, lpcbData=0x520edfc*=0x4 | out: lpType=0x520ee00*=0x4, lpData=0x520edec*=0x1770, lpcbData=0x520edfc*=0x4) returned 0x0 [0233.232] RegCloseKey (hKey=0x334) returned 0x0 [0233.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", ulOptions=0x0, samDesired=0x20019, phkResult=0x520eda8 | out: phkResult=0x520eda8*=0x334) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x520edf0, lpData=0x0, lpcbData=0x520edec*=0x0 | out: lpType=0x520edf0*=0x4, lpData=0x0, lpcbData=0x520edec*=0x4) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x520edf0, lpData=0x520eddc, lpcbData=0x520edec*=0x4 | out: lpType=0x520edf0*=0x4, lpData=0x520eddc*=0x3, lpcbData=0x520edec*=0x4) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x520edf0, lpData=0x0, lpcbData=0x520edec*=0x0 | out: lpType=0x520edf0*=0x4, lpData=0x0, lpcbData=0x520edec*=0x4) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x520edf0, lpData=0x520eddc, lpcbData=0x520edec*=0x4 | out: lpType=0x520edf0*=0x4, lpData=0x520eddc*=0x20000, lpcbData=0x520edec*=0x4) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="Counter Names", lpReserved=0x0, lpType=0x520edf0, lpData=0x0, lpcbData=0x520edec*=0x0 | out: lpType=0x520edf0*=0x3, lpData=0x0, lpcbData=0x520edec*=0xaa) returned 0x0 [0233.234] RegQueryValueExW (in: hKey=0x334, lpValueName="Counter Names", lpReserved=0x0, lpType=0x520edf0, lpData=0x25bef6c, lpcbData=0x520edec*=0xaa | out: lpType=0x520edf0*=0x3, lpData=0x25bef6c*, lpcbData=0x520edec*=0xaa) returned 0x0 [0233.238] ConvertStringSecurityDescriptorToSecurityDescriptorW (in: StringSecurityDescriptor="D:(A;OICI;FRFWGRGW;;;AU)(A;OICI;FRFWGRGW;;;S-1-5-33)", StringSDRevision=0x1, SecurityDescriptor=0x520ed5c, SecurityDescriptorSize=0x0 | out: SecurityDescriptor=0x520ed5c*=0x0*(Revision=0x1, Sbz1=0x0, Control=0x8004, Owner=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x0), Group=0x0*(Revision=0x0, SubAuthorityCount=0x0, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0), SubAuthority=0x14), Sacl=0x0*(AclRevision=0x0, Sbz1=0x0, AclSize=0x0, AceCount=0x14, Sbz2=0x0), Dacl=0x14*(AclRevision=0x14, Sbz1=0x0, AclSize=0x0, AceCount=0x2, Sbz2=0x30)), SecurityDescriptorSize=0x0) returned 1 [0233.252] GetLastError () returned 0x0 [0233.254] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x761698, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x36c [0233.254] GetLastError () returned 0x0 [0233.255] MapViewOfFile (hFileMappingObject=0x36c, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5570000 [0233.257] VirtualQuery (in: lpAddress=0x5570000, lpBuffer=0x520edc0, dwLength=0x1c | out: lpBuffer=0x520edc0*(BaseAddress=0x5570000, AllocationBase=0x5570000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000)) returned 0x1c [0233.257] GetLastError () returned 0x0 [0233.257] LocalFree (hMem=0x76d2e0) returned 0x0 [0233.257] RegCloseKey (hKey=0x334) returned 0x0 [0233.260] GetVersionExW (in: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0233.260] GetLastError () returned 0x0 [0233.260] GetVersionExW (in: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x761680*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0233.260] GetLastError () returned 0x0 [0233.262] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25bf9b4, cbSid=0x520eda0 | out: pSid=0x25bf9b4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520eda0) returned 1 [0233.262] GetLastError () returned 0x0 [0233.264] CreateMutexW (lpMutexAttributes=0x25bfb04, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.264] GetLastError () returned 0x0 [0233.266] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.266] GetLastError () returned 0x0 [0233.266] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25bfcd8, cbSid=0x520ed60 | out: pSid=0x25bfcd8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed60) returned 1 [0233.266] GetLastError () returned 0x0 [0233.266] CreateMutexW (lpMutexAttributes=0x25bfde8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0233.266] GetLastError () returned 0x5 [0233.267] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x370 [0233.267] GetLastError () returned 0x5 [0233.268] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0233.268] GetLastError () returned 0x5 [0233.268] ReleaseMutex (hMutex=0x370) returned 1 [0233.268] GetLastError () returned 0x5 [0233.268] CloseHandle (hObject=0x370) returned 1 [0233.268] GetLastError () returned 0x5 [0233.268] GetCurrentProcessId () returned 0xb38 [0233.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb38) returned 0x370 [0233.270] GetLastError () returned 0x5 [0233.270] GetProcessTimes (in: hProcess=0x370, lpCreationTime=0x520ed64, lpExitTime=0x520ed5c, lpKernelTime=0x520ed5c, lpUserTime=0x520ed5c | out: lpCreationTime=0x520ed64, lpExitTime=0x520ed5c, lpKernelTime=0x520ed5c, lpUserTime=0x520ed5c) returned 1 [0233.270] GetLastError () returned 0x5 [0233.271] CloseHandle (hObject=0x370) returned 1 [0233.271] GetLastError () returned 0x5 [0233.271] ReleaseMutex (hMutex=0x334) returned 1 [0233.271] GetLastError () returned 0x5 [0233.271] CloseHandle (hObject=0x334) returned 1 [0233.272] GetLastError () returned 0x5 [0233.272] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c05c0, cbSid=0x520eda0 | out: pSid=0x25c05c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520eda0) returned 1 [0233.272] GetLastError () returned 0x5 [0233.273] CreateMutexW (lpMutexAttributes=0x25c06d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.273] GetLastError () returned 0x0 [0233.273] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.273] GetLastError () returned 0x0 [0233.276] ReleaseMutex (hMutex=0x334) returned 1 [0233.276] GetLastError () returned 0x0 [0233.276] CloseHandle (hObject=0x334) returned 1 [0233.277] GetLastError () returned 0x0 [0233.277] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c0f20, cbSid=0x520eda0 | out: pSid=0x25c0f20*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520eda0) returned 1 [0233.277] GetLastError () returned 0x0 [0233.277] CreateMutexW (lpMutexAttributes=0x25c1030, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.277] GetLastError () returned 0x0 [0233.277] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.277] GetLastError () returned 0x0 [0233.278] ReleaseMutex (hMutex=0x334) returned 1 [0233.278] GetLastError () returned 0x0 [0233.278] CloseHandle (hObject=0x334) returned 1 [0233.278] GetLastError () returned 0x0 [0233.278] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c16a0, cbSid=0x520eda0 | out: pSid=0x25c16a0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520eda0) returned 1 [0233.278] GetLastError () returned 0x0 [0233.278] CreateMutexW (lpMutexAttributes=0x25c17b0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.278] GetLastError () returned 0x0 [0233.278] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.278] GetLastError () returned 0x0 [0233.279] ReleaseMutex (hMutex=0x334) returned 1 [0233.279] GetLastError () returned 0x0 [0233.279] CloseHandle (hObject=0x334) returned 1 [0233.279] GetLastError () returned 0x0 [0233.279] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c1e18, cbSid=0x520eda0 | out: pSid=0x25c1e18*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520eda0) returned 1 [0233.279] GetLastError () returned 0x0 [0233.279] CreateMutexW (lpMutexAttributes=0x25c1f28, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.279] GetLastError () returned 0x0 [0233.280] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.280] GetLastError () returned 0x0 [0233.280] ReleaseMutex (hMutex=0x334) returned 1 [0233.280] GetLastError () returned 0x0 [0233.281] CloseHandle (hObject=0x334) returned 1 [0233.281] GetLastError () returned 0x0 [0233.281] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c25a4, cbSid=0x520ed98 | out: pSid=0x25c25a4*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed98) returned 1 [0233.281] GetLastError () returned 0x0 [0233.281] CreateMutexW (lpMutexAttributes=0x25c26b4, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.281] GetLastError () returned 0x0 [0233.281] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.282] GetLastError () returned 0x0 [0233.282] ReleaseMutex (hMutex=0x334) returned 1 [0233.282] GetLastError () returned 0x0 [0233.282] CloseHandle (hObject=0x334) returned 1 [0233.282] GetLastError () returned 0x0 [0233.282] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c2d3c, cbSid=0x520ed98 | out: pSid=0x25c2d3c*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed98) returned 1 [0233.282] GetLastError () returned 0x0 [0233.283] CreateMutexW (lpMutexAttributes=0x25c2e4c, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.283] GetLastError () returned 0x0 [0233.283] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.283] GetLastError () returned 0x0 [0233.283] ReleaseMutex (hMutex=0x334) returned 1 [0233.283] GetLastError () returned 0x0 [0233.283] CloseHandle (hObject=0x334) returned 1 [0233.283] GetLastError () returned 0x0 [0233.283] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c34b0, cbSid=0x520ed98 | out: pSid=0x25c34b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed98) returned 1 [0233.283] GetLastError () returned 0x0 [0233.284] CreateMutexW (lpMutexAttributes=0x25c35c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.284] GetLastError () returned 0x0 [0233.284] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.284] GetLastError () returned 0x0 [0233.284] ReleaseMutex (hMutex=0x334) returned 1 [0233.284] GetLastError () returned 0x0 [0233.284] CloseHandle (hObject=0x334) returned 1 [0233.284] GetLastError () returned 0x0 [0233.284] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c3c34, cbSid=0x520ed98 | out: pSid=0x25c3c34*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed98) returned 1 [0233.284] GetLastError () returned 0x0 [0233.285] CreateMutexW (lpMutexAttributes=0x25c3d44, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.285] GetLastError () returned 0x0 [0233.285] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.285] GetLastError () returned 0x0 [0233.285] ReleaseMutex (hMutex=0x334) returned 1 [0233.285] GetLastError () returned 0x0 [0233.285] CloseHandle (hObject=0x334) returned 1 [0233.285] GetLastError () returned 0x0 [0233.286] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x25c43b0, cbSid=0x520ed98 | out: pSid=0x25c43b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x520ed98) returned 1 [0233.286] GetLastError () returned 0x0 [0233.286] CreateMutexW (lpMutexAttributes=0x25c44c0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x334 [0233.286] GetLastError () returned 0x0 [0233.286] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0x1f4) returned 0x0 [0233.286] GetLastError () returned 0x0 [0233.287] ReleaseMutex (hMutex=0x334) returned 1 [0233.287] GetLastError () returned 0x0 [0233.287] CloseHandle (hObject=0x334) returned 1 [0233.287] GetLastError () returned 0x0 [0233.302] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x370 [0233.302] GetLastError () returned 0x0 [0233.304] setsockopt (s=0x370, level=65535, optname=4098, optval="", optlen=4) returned 0 [0233.304] GetLastError () returned 0x0 [0233.304] setsockopt (s=0x370, level=65535, optname=4097, optval="", optlen=4) returned 0 [0233.304] GetLastError () returned 0x0 [0233.304] setsockopt (s=0x370, level=65535, optname=4101, optval="\x10'", optlen=4) returned 0 [0233.304] GetLastError () returned 0x0 [0233.304] setsockopt (s=0x370, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0233.304] GetLastError () returned 0x0 [0233.365] inet_addr (cp="10.10.1.11") returned 0xb010a0a [0233.365] GetLastError () returned 0x0 [0233.370] WSAConnect (in: s=0x370, name=0x25c659c*(sa_family=2, sin_port=0x15b0, sin_addr="10.10.1.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0254.556] GetLastError () returned 0x274c [0254.561] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274c, dwLanguageId=0x0, lpBuffer=0x761668, nSize=0x101, Arguments=0x0 | out: lpBuffer="A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.\r\n") returned 0xb9 [0254.577] GetLastError () returned 0x274c [0256.600] shutdown (s=0x370, how=2) returned -1 [0256.600] GetLastError () returned 0x2749 [0256.603] closesocket (s=0x370) returned 0 [0256.604] GetLastError () returned 0x0 [0256.604] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x370 [0256.605] GetLastError () returned 0x0 [0256.605] setsockopt (s=0x370, level=65535, optname=4098, optval="", optlen=4) returned 0 [0256.605] GetLastError () returned 0x0 [0256.605] setsockopt (s=0x370, level=65535, optname=4097, optval="", optlen=4) returned 0 [0256.605] GetLastError () returned 0x0 [0256.606] setsockopt (s=0x370, level=65535, optname=4101, optval="\x10'", optlen=4) returned 0 [0256.606] GetLastError () returned 0x0 [0256.606] setsockopt (s=0x370, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0256.606] GetLastError () returned 0x0 [0256.606] inet_addr (cp="10.10.1.11") returned 0xb010a0a [0256.607] GetLastError () returned 0x0 [0256.607] WSAConnect (in: s=0x370, name=0x25ea774*(sa_family=2, sin_port=0x15b0, sin_addr="10.10.1.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0277.755] GetLastError () returned 0x274c [0277.756] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274c, dwLanguageId=0x0, lpBuffer=0x761668, nSize=0x101, Arguments=0x0 | out: lpBuffer="A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.\r\n") returned 0xb9 [0277.756] GetLastError () returned 0x274c [0279.771] shutdown (s=0x370, how=2) returned -1 [0279.771] GetLastError () returned 0x2749 [0279.771] closesocket (s=0x370) returned 0 [0279.772] GetLastError () returned 0x0 [0279.772] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x370 [0279.772] GetLastError () returned 0x0 [0279.772] setsockopt (s=0x370, level=65535, optname=4098, optval="", optlen=4) returned 0 [0279.772] GetLastError () returned 0x0 [0279.772] setsockopt (s=0x370, level=65535, optname=4097, optval="", optlen=4) returned 0 [0279.773] GetLastError () returned 0x0 [0279.773] setsockopt (s=0x370, level=65535, optname=4101, optval="\x10'", optlen=4) returned 0 [0279.773] GetLastError () returned 0x0 [0279.773] setsockopt (s=0x370, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0279.773] GetLastError () returned 0x0 [0279.773] inet_addr (cp="10.10.1.11") returned 0xb010a0a [0279.773] GetLastError () returned 0x0 [0279.774] WSAConnect (in: s=0x370, name=0x26119b0*(sa_family=2, sin_port=0x15b0, sin_addr="10.10.1.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0301.284] GetLastError () returned 0x274c [0301.284] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274c, dwLanguageId=0x0, lpBuffer=0x761668, nSize=0x101, Arguments=0x0 | out: lpBuffer="A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.\r\n") returned 0xb9 [0301.285] GetLastError () returned 0x274c [0303.299] shutdown (s=0x370, how=2) returned -1 [0303.299] GetLastError () returned 0x2749 [0303.299] closesocket (s=0x370) returned 0 [0303.300] GetLastError () returned 0x0 [0303.300] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x370 [0303.301] GetLastError () returned 0x0 [0303.301] setsockopt (s=0x370, level=65535, optname=4098, optval="", optlen=4) returned 0 [0303.301] GetLastError () returned 0x0 [0303.301] setsockopt (s=0x370, level=65535, optname=4097, optval="", optlen=4) returned 0 [0303.301] GetLastError () returned 0x0 [0303.301] setsockopt (s=0x370, level=65535, optname=4101, optval="\x10'", optlen=4) returned 0 [0303.301] GetLastError () returned 0x0 [0303.301] setsockopt (s=0x370, level=65535, optname=4102, optval="\x10'", optlen=4) returned 0 [0303.302] GetLastError () returned 0x0 [0303.302] inet_addr (cp="10.10.1.11") returned 0xb010a0a [0303.302] GetLastError () returned 0x0 [0303.303] WSAConnect (s=0x370, name=0x2638a88*(sa_family=2, sin_port=0x15b0, sin_addr="10.10.1.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0) Thread: id = 47 os_tid = 0x820 [0224.288] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0224.398] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x20019, phkResult=0x528f188 | out: phkResult=0x528f188*=0x0) returned 0x2 [0224.682] GetAsyncKeyState (vKey=0) returned 0 [0224.684] GetLastError () returned 0x0 [0225.151] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc150 [0225.151] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc14d [0225.173] GetKeyState (nVirtKey=16) returned 0 [0225.173] GetKeyState (nVirtKey=17) returned 0 [0225.173] GetKeyState (nVirtKey=18) returned 0 [0225.173] GetAsyncKeyState (vKey=1) returned 0 [0225.173] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=2) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=3) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=4) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=5) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=6) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=7) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.174] GetKeyState (nVirtKey=17) returned 0 [0225.174] GetKeyState (nVirtKey=18) returned 0 [0225.174] GetAsyncKeyState (vKey=8) returned 0 [0225.174] GetLastError () returned 0x0 [0225.174] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=9) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=10) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=11) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=12) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=13) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=14) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.175] GetKeyState (nVirtKey=18) returned 0 [0225.175] GetAsyncKeyState (vKey=15) returned 0 [0225.175] GetLastError () returned 0x0 [0225.175] GetKeyState (nVirtKey=16) returned 0 [0225.175] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=16) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=17) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=18) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=19) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=20) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=21) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=22) returned 0 [0225.176] GetLastError () returned 0x0 [0225.176] GetKeyState (nVirtKey=16) returned 0 [0225.176] GetKeyState (nVirtKey=17) returned 0 [0225.176] GetKeyState (nVirtKey=18) returned 0 [0225.176] GetAsyncKeyState (vKey=23) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=24) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=25) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=26) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=27) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=28) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=29) returned 0 [0225.177] GetLastError () returned 0x0 [0225.177] GetKeyState (nVirtKey=16) returned 0 [0225.177] GetKeyState (nVirtKey=17) returned 0 [0225.177] GetKeyState (nVirtKey=18) returned 0 [0225.177] GetAsyncKeyState (vKey=30) returned 0 [0225.177] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=31) returned 0 [0225.178] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=32) returned 0 [0225.178] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=33) returned 0 [0225.178] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=34) returned 0 [0225.178] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=35) returned 0 [0225.178] GetLastError () returned 0x0 [0225.178] GetKeyState (nVirtKey=16) returned 0 [0225.178] GetKeyState (nVirtKey=17) returned 0 [0225.178] GetKeyState (nVirtKey=18) returned 0 [0225.178] GetAsyncKeyState (vKey=36) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=37) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=38) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=39) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=40) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=41) returned 0 [0225.179] GetLastError () returned 0x0 [0225.179] GetKeyState (nVirtKey=16) returned 0 [0225.179] GetKeyState (nVirtKey=17) returned 0 [0225.179] GetKeyState (nVirtKey=18) returned 0 [0225.179] GetAsyncKeyState (vKey=42) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.180] GetAsyncKeyState (vKey=43) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.180] GetAsyncKeyState (vKey=44) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.180] GetAsyncKeyState (vKey=45) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.180] GetAsyncKeyState (vKey=46) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.180] GetAsyncKeyState (vKey=47) returned 0 [0225.180] GetLastError () returned 0x0 [0225.180] GetKeyState (nVirtKey=16) returned 0 [0225.180] GetKeyState (nVirtKey=17) returned 0 [0225.180] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=48) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.181] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=49) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.181] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=50) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.181] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=51) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.181] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=52) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.181] GetKeyState (nVirtKey=18) returned 0 [0225.181] GetAsyncKeyState (vKey=53) returned 0 [0225.181] GetLastError () returned 0x0 [0225.181] GetKeyState (nVirtKey=16) returned 0 [0225.181] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=54) returned 0 [0225.182] GetLastError () returned 0x0 [0225.182] GetKeyState (nVirtKey=16) returned 0 [0225.182] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=55) returned 0 [0225.182] GetLastError () returned 0x0 [0225.182] GetKeyState (nVirtKey=16) returned 0 [0225.182] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=56) returned 0 [0225.182] GetLastError () returned 0x0 [0225.182] GetKeyState (nVirtKey=16) returned 0 [0225.182] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=57) returned 0 [0225.182] GetLastError () returned 0x0 [0225.182] GetKeyState (nVirtKey=16) returned 0 [0225.182] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=58) returned 0 [0225.182] GetLastError () returned 0x0 [0225.182] GetKeyState (nVirtKey=16) returned 0 [0225.182] GetKeyState (nVirtKey=17) returned 0 [0225.182] GetKeyState (nVirtKey=18) returned 0 [0225.182] GetAsyncKeyState (vKey=59) returned 0 [0225.182] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=60) returned 0 [0225.183] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=61) returned 0 [0225.183] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=62) returned 0 [0225.183] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=63) returned 0 [0225.183] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=64) returned 0 [0225.183] GetLastError () returned 0x0 [0225.183] GetKeyState (nVirtKey=16) returned 0 [0225.183] GetKeyState (nVirtKey=17) returned 0 [0225.183] GetKeyState (nVirtKey=18) returned 0 [0225.183] GetAsyncKeyState (vKey=65) returned 0 [0225.184] GetLastError () returned 0x0 [0225.184] GetKeyState (nVirtKey=16) returned 0 [0225.184] GetKeyState (nVirtKey=17) returned 0 [0225.184] GetKeyState (nVirtKey=18) returned 0 [0225.184] GetAsyncKeyState (vKey=66) returned 0 [0225.189] GetLastError () returned 0x0 [0225.189] GetKeyState (nVirtKey=16) returned 0 [0225.189] GetKeyState (nVirtKey=17) returned 0 [0225.189] GetKeyState (nVirtKey=18) returned 0 [0225.189] GetAsyncKeyState (vKey=67) returned 0 [0225.189] GetLastError () returned 0x0 [0225.190] GetKeyState (nVirtKey=16) returned 0 [0225.190] GetKeyState (nVirtKey=17) returned 0 [0225.190] GetKeyState (nVirtKey=18) returned 0 [0225.190] GetAsyncKeyState (vKey=68) returned 0 [0225.190] GetLastError () returned 0x0 [0225.190] GetKeyState (nVirtKey=16) returned 0 [0225.190] GetKeyState (nVirtKey=17) returned 0 [0225.190] GetKeyState (nVirtKey=18) returned 0 [0225.190] GetAsyncKeyState (vKey=69) returned 0 [0225.190] GetLastError () returned 0x0 [0225.190] GetKeyState (nVirtKey=16) returned 0 [0225.190] GetKeyState (nVirtKey=17) returned 0 [0225.190] GetKeyState (nVirtKey=18) returned 0 [0225.190] GetAsyncKeyState (vKey=70) returned 0 [0225.190] GetLastError () returned 0x0 [0225.190] GetKeyState (nVirtKey=16) returned 0 [0225.190] GetKeyState (nVirtKey=17) returned 0 [0225.190] GetKeyState (nVirtKey=18) returned 0 [0225.190] GetAsyncKeyState (vKey=71) returned 0 [0225.190] GetLastError () returned 0x0 [0225.190] GetKeyState (nVirtKey=16) returned 0 [0225.191] GetKeyState (nVirtKey=17) returned 0 [0225.191] GetKeyState (nVirtKey=18) returned 0 [0225.191] GetAsyncKeyState (vKey=72) returned 0 [0225.191] GetLastError () returned 0x0 [0225.191] GetKeyState (nVirtKey=16) returned 0 [0225.191] GetKeyState (nVirtKey=17) returned 0 [0225.191] GetKeyState (nVirtKey=18) returned 0 [0225.191] GetAsyncKeyState (vKey=73) returned 0 [0225.191] GetLastError () returned 0x0 [0225.191] GetKeyState (nVirtKey=16) returned 0 [0225.191] GetKeyState (nVirtKey=17) returned 0 [0225.191] GetKeyState (nVirtKey=18) returned 0 [0225.191] GetAsyncKeyState (vKey=74) returned 0 [0225.191] GetLastError () returned 0x0 [0225.191] GetKeyState (nVirtKey=16) returned 0 [0225.191] GetKeyState (nVirtKey=17) returned 0 [0225.191] GetKeyState (nVirtKey=18) returned 0 [0225.191] GetAsyncKeyState (vKey=75) returned 0 [0225.191] GetLastError () returned 0x0 [0225.191] GetKeyState (nVirtKey=16) returned 0 [0225.191] GetKeyState (nVirtKey=17) returned 0 [0225.192] GetKeyState (nVirtKey=18) returned 0 [0225.192] GetAsyncKeyState (vKey=76) returned 0 [0225.192] GetLastError () returned 0x0 [0225.192] GetKeyState (nVirtKey=16) returned 0 [0225.192] GetKeyState (nVirtKey=17) returned 0 [0225.192] GetKeyState (nVirtKey=18) returned 0 [0225.192] GetAsyncKeyState (vKey=77) returned 0 [0225.192] GetLastError () returned 0x0 [0225.192] GetKeyState (nVirtKey=16) returned 0 [0225.192] GetKeyState (nVirtKey=17) returned 0 [0225.192] GetKeyState (nVirtKey=18) returned 0 [0225.192] GetAsyncKeyState (vKey=78) returned 0 [0225.192] GetLastError () returned 0x0 [0225.192] GetKeyState (nVirtKey=16) returned 0 [0225.192] GetKeyState (nVirtKey=17) returned 0 [0225.192] GetKeyState (nVirtKey=18) returned 0 [0225.192] GetAsyncKeyState (vKey=79) returned 0 [0225.192] GetLastError () returned 0x0 [0225.192] GetKeyState (nVirtKey=16) returned 0 [0225.192] GetKeyState (nVirtKey=17) returned 0 [0225.192] GetKeyState (nVirtKey=18) returned 0 [0225.192] GetAsyncKeyState (vKey=80) returned 0 [0225.193] GetLastError () returned 0x0 [0225.193] GetKeyState (nVirtKey=16) returned 0 [0225.193] GetKeyState (nVirtKey=17) returned 0 [0225.193] GetKeyState (nVirtKey=18) returned 0 [0225.193] GetAsyncKeyState (vKey=81) returned 0 [0225.193] GetLastError () returned 0x0 [0225.193] GetKeyState (nVirtKey=16) returned 0 [0225.193] GetKeyState (nVirtKey=17) returned 0 [0225.193] GetKeyState (nVirtKey=18) returned 0 [0225.193] GetAsyncKeyState (vKey=82) returned 0 [0225.193] GetLastError () returned 0x0 [0225.193] GetKeyState (nVirtKey=16) returned 0 [0225.193] GetKeyState (nVirtKey=17) returned 0 [0225.193] GetKeyState (nVirtKey=18) returned 0 [0225.193] GetAsyncKeyState (vKey=83) returned 0 [0225.193] GetLastError () returned 0x0 [0225.193] GetAsyncKeyState (vKey=84) returned 0 [0225.193] GetLastError () returned 0x0 [0225.193] GetAsyncKeyState (vKey=85) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=86) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=87) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=88) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=89) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=90) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=91) returned 0 [0225.194] GetLastError () returned 0x0 [0225.194] GetAsyncKeyState (vKey=92) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=93) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=94) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=95) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=96) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=97) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=98) returned 0 [0225.195] GetLastError () returned 0x0 [0225.195] GetAsyncKeyState (vKey=99) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=100) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=101) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=102) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=103) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=104) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=105) returned 0 [0225.196] GetLastError () returned 0x0 [0225.196] GetAsyncKeyState (vKey=106) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=107) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=108) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=109) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=110) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=111) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=112) returned 0 [0225.197] GetLastError () returned 0x0 [0225.197] GetAsyncKeyState (vKey=113) returned 0 [0225.197] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=114) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=115) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=116) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=117) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=118) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=119) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=120) returned 0 [0225.198] GetLastError () returned 0x0 [0225.198] GetAsyncKeyState (vKey=121) returned 0 [0225.198] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=122) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=123) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=124) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=125) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=126) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=127) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=128) returned 0 [0225.199] GetLastError () returned 0x0 [0225.199] GetAsyncKeyState (vKey=129) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=130) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=131) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=132) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=133) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=134) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=135) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=136) returned 0 [0225.200] GetLastError () returned 0x0 [0225.200] GetAsyncKeyState (vKey=137) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=138) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=139) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=140) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=141) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=142) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=143) returned 0 [0225.201] GetLastError () returned 0x0 [0225.201] GetAsyncKeyState (vKey=144) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=145) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=146) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=147) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=148) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=149) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=150) returned 0 [0225.202] GetLastError () returned 0x0 [0225.202] GetAsyncKeyState (vKey=151) returned 0 [0225.202] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=152) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=153) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=154) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=155) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=156) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=157) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=158) returned 0 [0225.203] GetLastError () returned 0x0 [0225.203] GetAsyncKeyState (vKey=159) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=160) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=161) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=162) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=163) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=164) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=165) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=166) returned 0 [0225.204] GetLastError () returned 0x0 [0225.204] GetAsyncKeyState (vKey=167) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=168) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=169) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=170) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=171) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=172) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=173) returned 0 [0225.205] GetLastError () returned 0x0 [0225.205] GetAsyncKeyState (vKey=174) returned 0 [0225.205] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=175) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=176) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=177) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=178) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=179) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=180) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=181) returned 0 [0225.206] GetLastError () returned 0x0 [0225.206] GetAsyncKeyState (vKey=182) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=183) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=184) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=185) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=186) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=187) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=188) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=189) returned 0 [0225.207] GetLastError () returned 0x0 [0225.207] GetAsyncKeyState (vKey=190) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=191) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=192) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=193) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=194) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=195) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=196) returned 0 [0225.208] GetLastError () returned 0x0 [0225.208] GetAsyncKeyState (vKey=197) returned 0 [0225.208] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=198) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=199) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=200) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=201) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=202) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=203) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=204) returned 0 [0225.209] GetLastError () returned 0x0 [0225.209] GetAsyncKeyState (vKey=205) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=206) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=207) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=208) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=209) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=210) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=211) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=212) returned 0 [0225.210] GetLastError () returned 0x0 [0225.210] GetAsyncKeyState (vKey=213) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=214) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=215) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=216) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=217) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=218) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=219) returned 0 [0225.211] GetLastError () returned 0x0 [0225.211] GetAsyncKeyState (vKey=220) returned 0 [0225.211] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=221) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=222) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=223) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=224) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=225) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=226) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=227) returned 0 [0225.212] GetLastError () returned 0x0 [0225.212] GetAsyncKeyState (vKey=228) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=229) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=230) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=231) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=232) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=233) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=234) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=235) returned 0 [0225.213] GetLastError () returned 0x0 [0225.213] GetAsyncKeyState (vKey=236) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=237) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=238) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=239) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=240) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=241) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=242) returned 0 [0225.214] GetLastError () returned 0x0 [0225.214] GetAsyncKeyState (vKey=243) returned 0 [0225.214] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=244) returned 0 [0225.215] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=245) returned 0 [0225.215] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=246) returned 0 [0225.215] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=247) returned 0 [0225.215] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=248) returned 0 [0225.215] GetLastError () returned 0x0 [0225.215] GetAsyncKeyState (vKey=249) returned 0 [0225.215] GetLastError () returned 0x0 [0243.311] GetAsyncKeyState (vKey=0) returned 0 [0243.311] GetLastError () returned 0x0 [0243.311] GetKeyState (nVirtKey=16) returned 0 [0243.311] GetKeyState (nVirtKey=17) returned 0 [0243.311] GetKeyState (nVirtKey=18) returned 0 [0243.311] GetAsyncKeyState (vKey=1) returned 0 [0243.311] GetLastError () returned 0x0 [0243.311] GetKeyState (nVirtKey=16) returned 0 [0243.311] GetKeyState (nVirtKey=17) returned 0 [0243.311] GetKeyState (nVirtKey=18) returned 0 [0243.311] GetAsyncKeyState (vKey=2) returned 0 [0243.311] GetLastError () returned 0x0 [0243.311] GetKeyState (nVirtKey=16) returned 0 [0243.311] GetKeyState (nVirtKey=17) returned 0 [0243.311] GetKeyState (nVirtKey=18) returned 0 [0243.311] GetAsyncKeyState (vKey=3) returned 0 [0243.311] GetLastError () returned 0x0 [0243.311] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=4) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=5) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=6) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=7) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=8) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=9) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=10) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.312] GetKeyState (nVirtKey=17) returned 0 [0243.312] GetKeyState (nVirtKey=18) returned 0 [0243.312] GetAsyncKeyState (vKey=11) returned 0 [0243.312] GetLastError () returned 0x0 [0243.312] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=12) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=13) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=14) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=15) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=16) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=17) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=18) returned 0 [0243.313] GetLastError () returned 0x0 [0243.313] GetKeyState (nVirtKey=16) returned 0 [0243.313] GetKeyState (nVirtKey=17) returned 0 [0243.313] GetKeyState (nVirtKey=18) returned 0 [0243.313] GetAsyncKeyState (vKey=19) returned 0 [0243.313] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=20) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=21) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=22) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=23) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=24) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=25) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=26) returned 0 [0243.314] GetLastError () returned 0x0 [0243.314] GetKeyState (nVirtKey=16) returned 0 [0243.314] GetKeyState (nVirtKey=17) returned 0 [0243.314] GetKeyState (nVirtKey=18) returned 0 [0243.314] GetAsyncKeyState (vKey=27) returned 0 [0243.314] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=28) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=29) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=30) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=31) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=32) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.315] GetKeyState (nVirtKey=17) returned 0 [0243.315] GetKeyState (nVirtKey=18) returned 0 [0243.315] GetAsyncKeyState (vKey=33) returned 0 [0243.315] GetLastError () returned 0x0 [0243.315] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=34) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=35) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=36) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=37) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=38) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.316] GetKeyState (nVirtKey=17) returned 0 [0243.316] GetKeyState (nVirtKey=18) returned 0 [0243.316] GetAsyncKeyState (vKey=39) returned 0 [0243.316] GetLastError () returned 0x0 [0243.316] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=40) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=41) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=42) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=43) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=44) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.317] GetKeyState (nVirtKey=17) returned 0 [0243.317] GetKeyState (nVirtKey=18) returned 0 [0243.317] GetAsyncKeyState (vKey=45) returned 0 [0243.317] GetLastError () returned 0x0 [0243.317] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=46) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=47) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=48) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=49) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=50) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.318] GetKeyState (nVirtKey=17) returned 0 [0243.318] GetKeyState (nVirtKey=18) returned 0 [0243.318] GetAsyncKeyState (vKey=51) returned 0 [0243.318] GetLastError () returned 0x0 [0243.318] GetKeyState (nVirtKey=16) returned 0 [0243.319] GetKeyState (nVirtKey=17) returned 0 [0243.319] GetKeyState (nVirtKey=18) returned 0 [0243.319] GetAsyncKeyState (vKey=52) returned 0 [0243.319] GetLastError () returned 0x0 [0243.319] GetKeyState (nVirtKey=16) returned 0 [0243.319] GetKeyState (nVirtKey=17) returned 0 [0243.319] GetKeyState (nVirtKey=18) returned 0 [0243.319] GetAsyncKeyState (vKey=53) returned 0 [0243.319] GetLastError () returned 0x0 [0243.319] GetKeyState (nVirtKey=16) returned 0 [0243.319] GetKeyState (nVirtKey=17) returned 0 [0243.319] GetKeyState (nVirtKey=18) returned 0 [0243.319] GetAsyncKeyState (vKey=54) returned 0 [0243.319] GetLastError () returned 0x0 [0243.319] GetKeyState (nVirtKey=16) returned 0 [0243.319] GetKeyState (nVirtKey=17) returned 0 [0243.319] GetKeyState (nVirtKey=18) returned 0 [0243.319] GetAsyncKeyState (vKey=55) returned 0 [0243.319] GetLastError () returned 0x0 [0243.319] GetKeyState (nVirtKey=16) returned 0 [0243.319] GetKeyState (nVirtKey=17) returned 0 [0243.319] GetKeyState (nVirtKey=18) returned 0 [0243.319] GetAsyncKeyState (vKey=56) returned 0 [0243.319] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=57) returned 0 [0243.320] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=58) returned 0 [0243.320] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=59) returned 0 [0243.320] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=60) returned 0 [0243.320] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=61) returned 0 [0243.320] GetLastError () returned 0x0 [0243.320] GetKeyState (nVirtKey=16) returned 0 [0243.320] GetKeyState (nVirtKey=17) returned 0 [0243.320] GetKeyState (nVirtKey=18) returned 0 [0243.320] GetAsyncKeyState (vKey=62) returned 0 [0243.320] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=63) returned 0 [0243.321] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=64) returned 0 [0243.321] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=65) returned 0 [0243.321] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=66) returned 0 [0243.321] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=67) returned 0 [0243.321] GetLastError () returned 0x0 [0243.321] GetKeyState (nVirtKey=16) returned 0 [0243.321] GetKeyState (nVirtKey=17) returned 0 [0243.321] GetKeyState (nVirtKey=18) returned 0 [0243.321] GetAsyncKeyState (vKey=68) returned 0 [0243.321] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=69) returned 0 [0243.322] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=70) returned 0 [0243.322] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=71) returned 0 [0243.322] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=72) returned 0 [0243.322] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=73) returned 0 [0243.322] GetLastError () returned 0x0 [0243.322] GetKeyState (nVirtKey=16) returned 0 [0243.322] GetKeyState (nVirtKey=17) returned 0 [0243.322] GetKeyState (nVirtKey=18) returned 0 [0243.322] GetAsyncKeyState (vKey=74) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=75) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=76) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=77) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=78) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=79) returned 0 [0243.323] GetLastError () returned 0x0 [0243.323] GetKeyState (nVirtKey=16) returned 0 [0243.323] GetKeyState (nVirtKey=17) returned 0 [0243.323] GetKeyState (nVirtKey=18) returned 0 [0243.323] GetAsyncKeyState (vKey=80) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetKeyState (nVirtKey=16) returned 0 [0243.324] GetKeyState (nVirtKey=17) returned 0 [0243.324] GetKeyState (nVirtKey=18) returned 0 [0243.324] GetAsyncKeyState (vKey=81) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetKeyState (nVirtKey=16) returned 0 [0243.324] GetKeyState (nVirtKey=17) returned 0 [0243.324] GetKeyState (nVirtKey=18) returned 0 [0243.324] GetAsyncKeyState (vKey=82) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetKeyState (nVirtKey=16) returned 0 [0243.324] GetKeyState (nVirtKey=17) returned 0 [0243.324] GetKeyState (nVirtKey=18) returned 0 [0243.324] GetAsyncKeyState (vKey=83) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetAsyncKeyState (vKey=84) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetAsyncKeyState (vKey=85) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetAsyncKeyState (vKey=86) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetAsyncKeyState (vKey=87) returned 0 [0243.324] GetLastError () returned 0x0 [0243.324] GetAsyncKeyState (vKey=88) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=89) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=90) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=91) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=92) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=93) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=94) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=95) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=96) returned 0 [0243.325] GetLastError () returned 0x0 [0243.325] GetAsyncKeyState (vKey=97) returned 0 [0243.325] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=98) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=99) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=100) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=101) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=102) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=103) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=104) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=105) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=106) returned 0 [0243.326] GetLastError () returned 0x0 [0243.326] GetAsyncKeyState (vKey=107) returned 0 [0243.326] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=108) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=109) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=110) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=111) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=112) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=113) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=114) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=115) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=116) returned 0 [0243.327] GetLastError () returned 0x0 [0243.327] GetAsyncKeyState (vKey=117) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=118) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=119) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=120) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=121) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=122) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=123) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=124) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=125) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=126) returned 0 [0243.328] GetLastError () returned 0x0 [0243.328] GetAsyncKeyState (vKey=127) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=128) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=129) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=130) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=131) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=132) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=133) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=134) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=135) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=136) returned 0 [0243.329] GetLastError () returned 0x0 [0243.329] GetAsyncKeyState (vKey=137) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=138) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=139) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=140) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=141) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=142) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=143) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=144) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=145) returned 0 [0243.330] GetLastError () returned 0x0 [0243.330] GetAsyncKeyState (vKey=146) returned 0 [0243.330] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=147) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=148) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=149) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=150) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=151) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=152) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=153) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=154) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=155) returned 0 [0243.331] GetLastError () returned 0x0 [0243.331] GetAsyncKeyState (vKey=156) returned 0 [0243.331] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=157) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=158) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=159) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=160) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=161) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=162) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=163) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=164) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=165) returned 0 [0243.332] GetLastError () returned 0x0 [0243.332] GetAsyncKeyState (vKey=166) returned 0 [0243.332] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=167) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=168) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=169) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=170) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=171) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=172) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=173) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=174) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=175) returned 0 [0243.333] GetLastError () returned 0x0 [0243.333] GetAsyncKeyState (vKey=176) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=177) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=178) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=179) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=180) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=181) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=182) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=183) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=184) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=185) returned 0 [0243.334] GetLastError () returned 0x0 [0243.334] GetAsyncKeyState (vKey=186) returned 0 [0243.335] GetLastError () returned 0x0 [0243.335] GetAsyncKeyState (vKey=187) returned 0 [0243.335] GetLastError () returned 0x0 [0243.335] GetAsyncKeyState (vKey=188) returned 0 [0243.335] GetLastError () returned 0x0 [0243.335] GetAsyncKeyState (vKey=189) returned 0 [0243.335] GetLastError () returned 0x0 [0243.335] GetAsyncKeyState (vKey=190) returned 0 [0243.335] GetLastError () returned 0x0 [0243.390] GetAsyncKeyState (vKey=191) returned 0 [0243.391] GetLastError () returned 0x0 [0243.391] GetAsyncKeyState (vKey=192) returned 0 [0243.391] GetLastError () returned 0x0 [0243.391] GetAsyncKeyState (vKey=193) returned 0 [0243.391] GetLastError () returned 0x0 [0243.391] GetAsyncKeyState (vKey=194) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=195) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=196) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=197) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=198) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=199) returned 0 [0243.392] GetLastError () returned 0x0 [0243.392] GetAsyncKeyState (vKey=200) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=201) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=202) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=203) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=204) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=205) returned 0 [0243.393] GetLastError () returned 0x0 [0243.393] GetAsyncKeyState (vKey=206) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=207) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=208) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=209) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=210) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=211) returned 0 [0243.394] GetLastError () returned 0x0 [0243.394] GetAsyncKeyState (vKey=212) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=213) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=214) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=215) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=216) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=217) returned 0 [0243.395] GetLastError () returned 0x0 [0243.395] GetAsyncKeyState (vKey=218) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=219) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=220) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=221) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=222) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=223) returned 0 [0243.396] GetLastError () returned 0x0 [0243.396] GetAsyncKeyState (vKey=224) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=225) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=226) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=227) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=228) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=229) returned 0 [0243.397] GetLastError () returned 0x0 [0243.397] GetAsyncKeyState (vKey=230) returned 0 [0243.398] GetLastError () returned 0x0 [0243.398] GetAsyncKeyState (vKey=231) returned 0 [0243.398] GetLastError () returned 0x0 [0243.398] GetAsyncKeyState (vKey=232) returned 0 [0243.398] GetLastError () returned 0x0 [0243.398] GetAsyncKeyState (vKey=233) returned 0 [0243.398] GetLastError () returned 0x0 [0243.398] GetAsyncKeyState (vKey=234) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=235) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=236) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=237) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=238) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=239) returned 0 [0243.399] GetLastError () returned 0x0 [0243.399] GetAsyncKeyState (vKey=240) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=241) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=242) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=243) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=244) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=245) returned 0 [0243.400] GetLastError () returned 0x0 [0243.400] GetAsyncKeyState (vKey=246) returned 0 [0243.401] GetLastError () returned 0x0 [0243.401] GetAsyncKeyState (vKey=247) returned 0 [0243.401] GetLastError () returned 0x0 [0243.401] GetAsyncKeyState (vKey=248) returned 0 [0243.401] GetLastError () returned 0x0 [0248.942] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x2001f, phkResult=0x528f13c | out: phkResult=0x528f13c*=0x0) returned 0x2 [0248.949] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x528f148, lpdwDisposition=0x528f1d8 | out: phkResult=0x528f148*=0x3b4, lpdwDisposition=0x528f1d8*=0x1) returned 0x0 [0248.950] RegQueryValueExW (in: hKey=0x3b4, lpValueName="[kl]", lpReserved=0x0, lpType=0x528f194, lpData=0x0, lpcbData=0x528f190*=0x0 | out: lpType=0x528f194*=0x0, lpData=0x0, lpcbData=0x528f190*=0x0) returned 0x2 [0248.952] RegSetValueExW (in: hKey=0x3b4, lpValueName="[kl]", Reserved=0x0, dwType=0x1, lpData="", cbData=0x2 | out: lpData="") returned 0x0 [0248.958] GetAsyncKeyState (vKey=0) returned 0 [0248.958] GetLastError () returned 0x0 [0248.958] GetKeyState (nVirtKey=16) returned 0 [0248.958] GetKeyState (nVirtKey=17) returned 0 [0248.958] GetKeyState (nVirtKey=18) returned 0 [0248.958] GetAsyncKeyState (vKey=1) returned 0 [0248.958] GetLastError () returned 0x0 [0248.958] GetKeyState (nVirtKey=16) returned 0 [0248.958] GetKeyState (nVirtKey=17) returned 0 [0248.958] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=2) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=3) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=4) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=5) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=6) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.959] GetAsyncKeyState (vKey=7) returned 0 [0248.959] GetLastError () returned 0x0 [0248.959] GetKeyState (nVirtKey=16) returned 0 [0248.959] GetKeyState (nVirtKey=17) returned 0 [0248.959] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=8) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=9) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=10) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=11) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=12) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=13) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.960] GetAsyncKeyState (vKey=14) returned 0 [0248.960] GetLastError () returned 0x0 [0248.960] GetKeyState (nVirtKey=16) returned 0 [0248.960] GetKeyState (nVirtKey=17) returned 0 [0248.960] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=15) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=16) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=17) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=18) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=19) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=20) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.961] GetKeyState (nVirtKey=18) returned 0 [0248.961] GetAsyncKeyState (vKey=21) returned 0 [0248.961] GetLastError () returned 0x0 [0248.961] GetKeyState (nVirtKey=16) returned 0 [0248.961] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=22) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=23) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=24) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=25) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=26) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=27) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=28) returned 0 [0248.962] GetLastError () returned 0x0 [0248.962] GetKeyState (nVirtKey=16) returned 0 [0248.962] GetKeyState (nVirtKey=17) returned 0 [0248.962] GetKeyState (nVirtKey=18) returned 0 [0248.962] GetAsyncKeyState (vKey=29) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=30) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=31) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=32) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=33) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=34) returned 0 [0248.963] GetLastError () returned 0x0 [0248.963] GetKeyState (nVirtKey=16) returned 0 [0248.963] GetKeyState (nVirtKey=17) returned 0 [0248.963] GetKeyState (nVirtKey=18) returned 0 [0248.963] GetAsyncKeyState (vKey=35) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.964] GetAsyncKeyState (vKey=36) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.964] GetAsyncKeyState (vKey=37) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.964] GetAsyncKeyState (vKey=38) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.964] GetAsyncKeyState (vKey=39) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.964] GetAsyncKeyState (vKey=40) returned 0 [0248.964] GetLastError () returned 0x0 [0248.964] GetKeyState (nVirtKey=16) returned 0 [0248.964] GetKeyState (nVirtKey=17) returned 0 [0248.964] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=41) returned 0 [0248.965] GetLastError () returned 0x0 [0248.965] GetKeyState (nVirtKey=16) returned 0 [0248.965] GetKeyState (nVirtKey=17) returned 0 [0248.965] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=42) returned 0 [0248.965] GetLastError () returned 0x0 [0248.965] GetKeyState (nVirtKey=16) returned 0 [0248.965] GetKeyState (nVirtKey=17) returned 0 [0248.965] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=43) returned 0 [0248.965] GetLastError () returned 0x0 [0248.965] GetKeyState (nVirtKey=16) returned 0 [0248.965] GetKeyState (nVirtKey=17) returned 0 [0248.965] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=44) returned 0 [0248.965] GetLastError () returned 0x0 [0248.965] GetKeyState (nVirtKey=16) returned 0 [0248.965] GetKeyState (nVirtKey=17) returned 0 [0248.965] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=45) returned 0 [0248.965] GetLastError () returned 0x0 [0248.965] GetKeyState (nVirtKey=16) returned 0 [0248.965] GetKeyState (nVirtKey=17) returned 0 [0248.965] GetKeyState (nVirtKey=18) returned 0 [0248.965] GetAsyncKeyState (vKey=46) returned 0 [0248.965] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=47) returned 0 [0248.966] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=48) returned 0 [0248.966] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=49) returned 0 [0248.966] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=50) returned 0 [0248.966] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=51) returned 0 [0248.966] GetLastError () returned 0x0 [0248.966] GetKeyState (nVirtKey=16) returned 0 [0248.966] GetKeyState (nVirtKey=17) returned 0 [0248.966] GetKeyState (nVirtKey=18) returned 0 [0248.966] GetAsyncKeyState (vKey=52) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.967] GetKeyState (nVirtKey=17) returned 0 [0248.967] GetKeyState (nVirtKey=18) returned 0 [0248.967] GetAsyncKeyState (vKey=53) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.967] GetKeyState (nVirtKey=17) returned 0 [0248.967] GetKeyState (nVirtKey=18) returned 0 [0248.967] GetAsyncKeyState (vKey=54) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.967] GetKeyState (nVirtKey=17) returned 0 [0248.967] GetKeyState (nVirtKey=18) returned 0 [0248.967] GetAsyncKeyState (vKey=55) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.967] GetKeyState (nVirtKey=17) returned 0 [0248.967] GetKeyState (nVirtKey=18) returned 0 [0248.967] GetAsyncKeyState (vKey=56) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.967] GetKeyState (nVirtKey=17) returned 0 [0248.967] GetKeyState (nVirtKey=18) returned 0 [0248.967] GetAsyncKeyState (vKey=57) returned 0 [0248.967] GetLastError () returned 0x0 [0248.967] GetKeyState (nVirtKey=16) returned 0 [0248.968] GetKeyState (nVirtKey=17) returned 0 [0248.968] GetKeyState (nVirtKey=18) returned 0 [0248.968] GetAsyncKeyState (vKey=58) returned 0 [0248.968] GetLastError () returned 0x0 [0248.968] GetKeyState (nVirtKey=16) returned 0 [0248.968] GetKeyState (nVirtKey=17) returned 0 [0248.968] GetKeyState (nVirtKey=18) returned 0 [0248.968] GetAsyncKeyState (vKey=59) returned 0 [0248.968] GetLastError () returned 0x0 [0248.968] GetKeyState (nVirtKey=16) returned 0 [0248.968] GetKeyState (nVirtKey=17) returned 0 [0248.968] GetKeyState (nVirtKey=18) returned 0 [0248.968] GetAsyncKeyState (vKey=60) returned 0 [0248.968] GetLastError () returned 0x0 [0248.968] GetKeyState (nVirtKey=16) returned 0 [0248.968] GetKeyState (nVirtKey=17) returned 0 [0248.968] GetKeyState (nVirtKey=18) returned 0 [0248.968] GetAsyncKeyState (vKey=61) returned 0 [0248.968] GetLastError () returned 0x0 [0248.968] GetKeyState (nVirtKey=16) returned 0 [0248.968] GetKeyState (nVirtKey=17) returned 0 [0248.968] GetKeyState (nVirtKey=18) returned 0 [0248.968] GetAsyncKeyState (vKey=62) returned 0 [0248.969] GetLastError () returned 0x0 [0248.969] GetKeyState (nVirtKey=16) returned 0 [0248.969] GetKeyState (nVirtKey=17) returned 0 [0248.969] GetKeyState (nVirtKey=18) returned 0 [0248.969] GetAsyncKeyState (vKey=63) returned 0 [0248.969] GetLastError () returned 0x0 [0248.969] GetKeyState (nVirtKey=16) returned 0 [0248.969] GetKeyState (nVirtKey=17) returned 0 [0248.969] GetKeyState (nVirtKey=18) returned 0 [0248.969] GetAsyncKeyState (vKey=64) returned 0 [0248.969] GetLastError () returned 0x0 [0248.969] GetKeyState (nVirtKey=16) returned 0 [0248.969] GetKeyState (nVirtKey=17) returned 0 [0248.969] GetKeyState (nVirtKey=18) returned 0 [0248.969] GetAsyncKeyState (vKey=65) returned 0 [0248.969] GetLastError () returned 0x0 [0248.969] GetKeyState (nVirtKey=16) returned 0 [0248.969] GetKeyState (nVirtKey=17) returned 0 [0248.969] GetKeyState (nVirtKey=18) returned 0 [0248.969] GetAsyncKeyState (vKey=66) returned 0 [0248.969] GetLastError () returned 0x0 [0248.970] GetKeyState (nVirtKey=16) returned 0 [0248.970] GetKeyState (nVirtKey=17) returned 0 [0248.970] GetKeyState (nVirtKey=18) returned 0 [0248.970] GetAsyncKeyState (vKey=67) returned 0 [0248.970] GetLastError () returned 0x0 [0248.970] GetKeyState (nVirtKey=16) returned 0 [0248.970] GetKeyState (nVirtKey=17) returned 0 [0248.970] GetKeyState (nVirtKey=18) returned 0 [0248.970] GetAsyncKeyState (vKey=68) returned 0 [0248.970] GetLastError () returned 0x0 [0248.970] GetKeyState (nVirtKey=16) returned 0 [0248.970] GetKeyState (nVirtKey=17) returned 0 [0248.970] GetKeyState (nVirtKey=18) returned 0 [0248.970] GetAsyncKeyState (vKey=69) returned 0 [0248.970] GetLastError () returned 0x0 [0248.970] GetKeyState (nVirtKey=16) returned 0 [0248.970] GetKeyState (nVirtKey=17) returned 0 [0248.970] GetKeyState (nVirtKey=18) returned 0 [0248.970] GetAsyncKeyState (vKey=70) returned 0 [0248.970] GetLastError () returned 0x0 [0248.970] GetKeyState (nVirtKey=16) returned 0 [0248.970] GetKeyState (nVirtKey=17) returned 0 [0248.971] GetKeyState (nVirtKey=18) returned 0 [0248.971] GetAsyncKeyState (vKey=71) returned 0 [0248.971] GetLastError () returned 0x0 [0248.971] GetKeyState (nVirtKey=16) returned 0 [0248.971] GetKeyState (nVirtKey=17) returned 0 [0248.971] GetKeyState (nVirtKey=18) returned 0 [0248.971] GetAsyncKeyState (vKey=72) returned 0 [0248.971] GetLastError () returned 0x0 [0248.971] GetKeyState (nVirtKey=16) returned 0 [0248.971] GetKeyState (nVirtKey=17) returned 0 [0248.971] GetKeyState (nVirtKey=18) returned 0 [0248.971] GetAsyncKeyState (vKey=73) returned 0 [0248.971] GetLastError () returned 0x0 [0248.971] GetKeyState (nVirtKey=16) returned 0 [0248.971] GetKeyState (nVirtKey=17) returned 0 [0248.971] GetKeyState (nVirtKey=18) returned 0 [0248.971] GetAsyncKeyState (vKey=74) returned 0 [0248.971] GetLastError () returned 0x0 [0248.971] GetKeyState (nVirtKey=16) returned 0 [0248.971] GetKeyState (nVirtKey=17) returned 0 [0248.971] GetKeyState (nVirtKey=18) returned 0 [0248.971] GetAsyncKeyState (vKey=75) returned 0 [0248.972] GetLastError () returned 0x0 [0248.972] GetKeyState (nVirtKey=16) returned 0 [0248.972] GetKeyState (nVirtKey=17) returned 0 [0248.972] GetKeyState (nVirtKey=18) returned 0 [0248.972] GetAsyncKeyState (vKey=76) returned 0 [0248.972] GetLastError () returned 0x0 [0248.972] GetKeyState (nVirtKey=16) returned 0 [0248.972] GetKeyState (nVirtKey=17) returned 0 [0248.972] GetKeyState (nVirtKey=18) returned 0 [0248.972] GetAsyncKeyState (vKey=77) returned 0 [0248.972] GetLastError () returned 0x0 [0248.972] GetKeyState (nVirtKey=16) returned 0 [0248.972] GetKeyState (nVirtKey=17) returned 0 [0248.972] GetKeyState (nVirtKey=18) returned 0 [0248.972] GetAsyncKeyState (vKey=78) returned 0 [0248.972] GetLastError () returned 0x0 [0248.972] GetKeyState (nVirtKey=16) returned 0 [0248.972] GetKeyState (nVirtKey=17) returned 0 [0248.972] GetKeyState (nVirtKey=18) returned 0 [0248.972] GetAsyncKeyState (vKey=79) returned 0 [0248.972] GetLastError () returned 0x0 [0248.972] GetKeyState (nVirtKey=16) returned 0 [0248.972] GetKeyState (nVirtKey=17) returned 0 [0248.972] GetKeyState (nVirtKey=18) returned 0 [0248.973] GetAsyncKeyState (vKey=80) returned 0 [0248.973] GetLastError () returned 0x0 [0248.973] GetKeyState (nVirtKey=16) returned 0 [0248.973] GetKeyState (nVirtKey=17) returned 0 [0248.973] GetKeyState (nVirtKey=18) returned 0 [0248.973] GetAsyncKeyState (vKey=81) returned 0 [0248.973] GetLastError () returned 0x0 [0248.973] GetKeyState (nVirtKey=16) returned 0 [0248.973] GetKeyState (nVirtKey=17) returned 0 [0248.973] GetKeyState (nVirtKey=18) returned 0 [0248.973] GetAsyncKeyState (vKey=82) returned 0 [0248.973] GetLastError () returned 0x0 [0248.973] GetKeyState (nVirtKey=16) returned 0 [0248.973] GetKeyState (nVirtKey=17) returned 0 [0248.973] GetKeyState (nVirtKey=18) returned 0 [0248.973] GetAsyncKeyState (vKey=83) returned 0 [0248.973] GetLastError () returned 0x0 [0248.973] GetAsyncKeyState (vKey=84) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=85) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=86) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=87) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=88) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=89) returned 0 [0248.974] GetLastError () returned 0x0 [0248.974] GetAsyncKeyState (vKey=90) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=91) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=92) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=93) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=94) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=95) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=96) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=97) returned 0 [0248.975] GetLastError () returned 0x0 [0248.975] GetAsyncKeyState (vKey=98) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=99) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=100) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=101) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=102) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=103) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=104) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=105) returned 0 [0248.976] GetLastError () returned 0x0 [0248.976] GetAsyncKeyState (vKey=106) returned 0 [0248.976] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=107) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=108) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=109) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=110) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=111) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=112) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=113) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=114) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=115) returned 0 [0248.977] GetLastError () returned 0x0 [0248.977] GetAsyncKeyState (vKey=116) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=117) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=118) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=119) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=120) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=121) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=122) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=123) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=124) returned 0 [0248.978] GetLastError () returned 0x0 [0248.978] GetAsyncKeyState (vKey=125) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=126) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=127) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=128) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=129) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=130) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=131) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=132) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=133) returned 0 [0248.979] GetLastError () returned 0x0 [0248.979] GetAsyncKeyState (vKey=134) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=135) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=136) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=137) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=138) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=139) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=140) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=141) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=142) returned 0 [0248.980] GetLastError () returned 0x0 [0248.980] GetAsyncKeyState (vKey=143) returned 0 [0248.980] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=144) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=145) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=146) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=147) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=148) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=149) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=150) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=151) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=152) returned 0 [0248.981] GetLastError () returned 0x0 [0248.981] GetAsyncKeyState (vKey=153) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=154) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=155) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=156) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=157) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=158) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=159) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=160) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=161) returned 0 [0248.982] GetLastError () returned 0x0 [0248.982] GetAsyncKeyState (vKey=162) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=163) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=164) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=165) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=166) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=167) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=168) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=169) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=170) returned 0 [0248.983] GetLastError () returned 0x0 [0248.983] GetAsyncKeyState (vKey=171) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=172) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=173) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=174) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=175) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=176) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=177) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=178) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=179) returned 0 [0248.984] GetLastError () returned 0x0 [0248.984] GetAsyncKeyState (vKey=180) returned 0 [0248.984] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=181) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=182) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=183) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=184) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=185) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=186) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=187) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=188) returned 0 [0248.985] GetLastError () returned 0x0 [0248.985] GetAsyncKeyState (vKey=189) returned 0 [0248.985] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=190) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=191) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=192) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=193) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=194) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=195) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=196) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=197) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=198) returned 0 [0248.986] GetLastError () returned 0x0 [0248.986] GetAsyncKeyState (vKey=199) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=200) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=201) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=202) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=203) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=204) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=205) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=206) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=207) returned 0 [0248.987] GetLastError () returned 0x0 [0248.987] GetAsyncKeyState (vKey=208) returned 0 [0248.987] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=209) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=210) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=211) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=212) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=213) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=214) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=215) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=216) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=217) returned 0 [0248.988] GetLastError () returned 0x0 [0248.988] GetAsyncKeyState (vKey=218) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=219) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=220) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=221) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=222) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=223) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=224) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=225) returned 0 [0248.989] GetLastError () returned 0x0 [0248.989] GetAsyncKeyState (vKey=226) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=227) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=228) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=229) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=230) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=231) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=232) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=233) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=234) returned 0 [0248.990] GetLastError () returned 0x0 [0248.990] GetAsyncKeyState (vKey=235) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=236) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=237) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=238) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=239) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=240) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=241) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=242) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=243) returned 0 [0248.991] GetLastError () returned 0x0 [0248.991] GetAsyncKeyState (vKey=244) returned 0 [0248.992] GetLastError () returned 0x0 [0248.992] GetAsyncKeyState (vKey=245) returned 0 [0248.992] GetLastError () returned 0x0 [0248.992] GetAsyncKeyState (vKey=246) returned 0 [0248.992] GetLastError () returned 0x0 [0248.992] GetAsyncKeyState (vKey=247) returned 0 [0248.992] GetLastError () returned 0x0 [0248.992] GetAsyncKeyState (vKey=248) returned 0 [0248.992] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.645] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.646] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.647] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.648] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.649] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.650] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.651] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.652] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.653] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.654] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.655] GetLastError () returned 0x0 [0251.656] GetLastError () returned 0x0 [0251.656] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.658] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.659] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.660] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.661] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0251.662] GetLastError () returned 0x0 [0265.692] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x2001f, phkResult=0x528f13c | out: phkResult=0x528f13c*=0x408) returned 0x0 [0265.693] RegQueryValueExW (in: hKey=0x408, lpValueName="[kl]", lpReserved=0x0, lpType=0x528f194, lpData=0x0, lpcbData=0x528f190*=0x0 | out: lpType=0x528f194*=0x1, lpData=0x0, lpcbData=0x528f190*=0x2) returned 0x0 [0265.693] RegSetValueExW (in: hKey=0x408, lpValueName="[kl]", Reserved=0x0, dwType=0x1, lpData="", cbData=0x2 | out: lpData="") returned 0x0 [0265.703] GetAsyncKeyState (vKey=0) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.703] GetKeyState (nVirtKey=18) returned 0 [0265.703] GetAsyncKeyState (vKey=1) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.703] GetKeyState (nVirtKey=18) returned 0 [0265.703] GetAsyncKeyState (vKey=2) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.703] GetKeyState (nVirtKey=18) returned 0 [0265.703] GetAsyncKeyState (vKey=3) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.703] GetKeyState (nVirtKey=18) returned 0 [0265.703] GetAsyncKeyState (vKey=4) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.703] GetKeyState (nVirtKey=18) returned 0 [0265.703] GetAsyncKeyState (vKey=5) returned 0 [0265.703] GetLastError () returned 0x0 [0265.703] GetKeyState (nVirtKey=16) returned 0 [0265.703] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=6) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=7) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=8) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=9) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=10) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=11) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=12) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.704] GetKeyState (nVirtKey=18) returned 0 [0265.704] GetAsyncKeyState (vKey=13) returned 0 [0265.704] GetLastError () returned 0x0 [0265.704] GetKeyState (nVirtKey=16) returned 0 [0265.704] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=14) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=15) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=16) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=17) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=18) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=19) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=20) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.705] GetKeyState (nVirtKey=17) returned 0 [0265.705] GetKeyState (nVirtKey=18) returned 0 [0265.705] GetAsyncKeyState (vKey=21) returned 0 [0265.705] GetLastError () returned 0x0 [0265.705] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=22) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=23) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=24) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=25) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=26) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=27) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=28) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.706] GetKeyState (nVirtKey=17) returned 0 [0265.706] GetKeyState (nVirtKey=18) returned 0 [0265.706] GetAsyncKeyState (vKey=29) returned 0 [0265.706] GetLastError () returned 0x0 [0265.706] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=30) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=31) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=32) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=33) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=34) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.707] GetAsyncKeyState (vKey=35) returned 0 [0265.707] GetLastError () returned 0x0 [0265.707] GetKeyState (nVirtKey=16) returned 0 [0265.707] GetKeyState (nVirtKey=17) returned 0 [0265.707] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=36) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.708] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=37) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.708] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=38) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.708] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=39) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.708] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=40) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.708] GetKeyState (nVirtKey=18) returned 0 [0265.708] GetAsyncKeyState (vKey=41) returned 0 [0265.708] GetLastError () returned 0x0 [0265.708] GetKeyState (nVirtKey=16) returned 0 [0265.708] GetKeyState (nVirtKey=17) returned 0 [0265.709] GetKeyState (nVirtKey=18) returned 0 [0265.709] GetAsyncKeyState (vKey=42) returned 0 [0265.709] GetLastError () returned 0x0 [0265.709] GetKeyState (nVirtKey=16) returned 0 [0265.709] GetKeyState (nVirtKey=17) returned 0 [0265.709] GetKeyState (nVirtKey=18) returned 0 [0265.709] GetAsyncKeyState (vKey=43) returned 0 [0265.709] GetLastError () returned 0x0 [0265.709] GetKeyState (nVirtKey=16) returned 0 [0265.709] GetKeyState (nVirtKey=17) returned 0 [0265.709] GetKeyState (nVirtKey=18) returned 0 [0265.709] GetAsyncKeyState (vKey=44) returned 0 [0265.709] GetLastError () returned 0x0 [0265.709] GetKeyState (nVirtKey=16) returned 0 [0265.709] GetKeyState (nVirtKey=17) returned 0 [0265.709] GetKeyState (nVirtKey=18) returned 0 [0265.709] GetAsyncKeyState (vKey=45) returned 0 [0265.712] GetLastError () returned 0x0 [0265.712] GetKeyState (nVirtKey=16) returned 0 [0265.712] GetKeyState (nVirtKey=17) returned 0 [0265.712] GetKeyState (nVirtKey=18) returned 0 [0265.712] GetAsyncKeyState (vKey=46) returned 0 [0265.712] GetLastError () returned 0x0 [0265.712] GetKeyState (nVirtKey=16) returned 0 [0265.712] GetKeyState (nVirtKey=17) returned 0 [0265.712] GetKeyState (nVirtKey=18) returned 0 [0265.712] GetAsyncKeyState (vKey=47) returned 0 [0265.712] GetLastError () returned 0x0 [0265.712] GetKeyState (nVirtKey=16) returned 0 [0265.712] GetKeyState (nVirtKey=17) returned 0 [0265.712] GetKeyState (nVirtKey=18) returned 0 [0265.712] GetAsyncKeyState (vKey=48) returned 0 [0265.712] GetLastError () returned 0x0 [0265.712] GetKeyState (nVirtKey=16) returned 0 [0265.712] GetKeyState (nVirtKey=17) returned 0 [0265.712] GetKeyState (nVirtKey=18) returned 0 [0265.712] GetAsyncKeyState (vKey=49) returned 0 [0265.712] GetLastError () returned 0x0 [0265.712] GetKeyState (nVirtKey=16) returned 0 [0265.712] GetKeyState (nVirtKey=17) returned 0 [0265.712] GetKeyState (nVirtKey=18) returned 0 [0265.712] GetAsyncKeyState (vKey=50) returned 0 [0265.712] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=51) returned 0 [0265.713] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=52) returned 0 [0265.713] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=53) returned 0 [0265.713] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=54) returned 0 [0265.713] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=55) returned 0 [0265.713] GetLastError () returned 0x0 [0265.713] GetKeyState (nVirtKey=16) returned 0 [0265.713] GetKeyState (nVirtKey=17) returned 0 [0265.713] GetKeyState (nVirtKey=18) returned 0 [0265.713] GetAsyncKeyState (vKey=56) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.714] GetKeyState (nVirtKey=18) returned 0 [0265.714] GetAsyncKeyState (vKey=57) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.714] GetKeyState (nVirtKey=18) returned 0 [0265.714] GetAsyncKeyState (vKey=58) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.714] GetKeyState (nVirtKey=18) returned 0 [0265.714] GetAsyncKeyState (vKey=59) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.714] GetKeyState (nVirtKey=18) returned 0 [0265.714] GetAsyncKeyState (vKey=60) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.714] GetKeyState (nVirtKey=18) returned 0 [0265.714] GetAsyncKeyState (vKey=61) returned 0 [0265.714] GetLastError () returned 0x0 [0265.714] GetKeyState (nVirtKey=16) returned 0 [0265.714] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=62) returned 0 [0265.715] GetLastError () returned 0x0 [0265.715] GetKeyState (nVirtKey=16) returned 0 [0265.715] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=63) returned 0 [0265.715] GetLastError () returned 0x0 [0265.715] GetKeyState (nVirtKey=16) returned 0 [0265.715] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=64) returned 0 [0265.715] GetLastError () returned 0x0 [0265.715] GetKeyState (nVirtKey=16) returned 0 [0265.715] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=65) returned 0 [0265.715] GetLastError () returned 0x0 [0265.715] GetKeyState (nVirtKey=16) returned 0 [0265.715] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=66) returned 0 [0265.715] GetLastError () returned 0x0 [0265.715] GetKeyState (nVirtKey=16) returned 0 [0265.715] GetKeyState (nVirtKey=17) returned 0 [0265.715] GetKeyState (nVirtKey=18) returned 0 [0265.715] GetAsyncKeyState (vKey=67) returned 0 [0265.715] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=68) returned 0 [0265.716] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=69) returned 0 [0265.716] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=70) returned 0 [0265.716] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=71) returned 0 [0265.716] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=72) returned 0 [0265.716] GetLastError () returned 0x0 [0265.716] GetKeyState (nVirtKey=16) returned 0 [0265.716] GetKeyState (nVirtKey=17) returned 0 [0265.716] GetKeyState (nVirtKey=18) returned 0 [0265.716] GetAsyncKeyState (vKey=73) returned 0 [0265.716] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=74) returned 0 [0265.717] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=75) returned 0 [0265.717] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=76) returned 0 [0265.717] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=77) returned 0 [0265.717] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=78) returned 0 [0265.717] GetLastError () returned 0x0 [0265.717] GetKeyState (nVirtKey=16) returned 0 [0265.717] GetKeyState (nVirtKey=17) returned 0 [0265.717] GetKeyState (nVirtKey=18) returned 0 [0265.717] GetAsyncKeyState (vKey=79) returned 0 [0265.718] GetLastError () returned 0x0 [0265.718] GetKeyState (nVirtKey=16) returned 0 [0265.718] GetKeyState (nVirtKey=17) returned 0 [0265.718] GetKeyState (nVirtKey=18) returned 0 [0265.718] GetAsyncKeyState (vKey=80) returned 0 [0265.718] GetLastError () returned 0x0 [0265.718] GetKeyState (nVirtKey=16) returned 0 [0265.718] GetKeyState (nVirtKey=17) returned 0 [0265.718] GetKeyState (nVirtKey=18) returned 0 [0265.718] GetAsyncKeyState (vKey=81) returned 0 [0265.719] GetLastError () returned 0x0 [0265.719] GetKeyState (nVirtKey=16) returned 0 [0265.719] GetKeyState (nVirtKey=17) returned 0 [0265.719] GetKeyState (nVirtKey=18) returned 0 [0265.719] GetAsyncKeyState (vKey=82) returned 0 [0265.719] GetLastError () returned 0x0 [0265.719] GetKeyState (nVirtKey=16) returned 0 [0265.719] GetKeyState (nVirtKey=17) returned 0 [0265.719] GetKeyState (nVirtKey=18) returned 0 [0265.719] GetAsyncKeyState (vKey=83) returned 0 [0265.719] GetLastError () returned 0x0 [0265.719] GetAsyncKeyState (vKey=84) returned 0 [0265.719] GetLastError () returned 0x0 [0265.719] GetAsyncKeyState (vKey=85) returned 0 [0265.719] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=86) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=87) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=88) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=89) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=90) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=91) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=92) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=93) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=94) returned 0 [0265.720] GetLastError () returned 0x0 [0265.720] GetAsyncKeyState (vKey=95) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=96) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=97) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=98) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=99) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=100) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=101) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=102) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=103) returned 0 [0265.721] GetLastError () returned 0x0 [0265.721] GetAsyncKeyState (vKey=104) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=105) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=106) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=107) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=108) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=109) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=110) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=111) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=112) returned 0 [0265.722] GetLastError () returned 0x0 [0265.722] GetAsyncKeyState (vKey=113) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=114) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=115) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=116) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=117) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=118) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=119) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=120) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=121) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=122) returned 0 [0265.723] GetLastError () returned 0x0 [0265.723] GetAsyncKeyState (vKey=123) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=124) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=125) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=126) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=127) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=128) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=129) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=130) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=131) returned 0 [0265.724] GetLastError () returned 0x0 [0265.724] GetAsyncKeyState (vKey=132) returned 0 [0265.724] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=133) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=134) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=135) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=136) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=137) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=138) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=139) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=140) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=141) returned 0 [0265.725] GetLastError () returned 0x0 [0265.725] GetAsyncKeyState (vKey=142) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=143) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=144) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=145) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=146) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=147) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=148) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=149) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=150) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=151) returned 0 [0265.726] GetLastError () returned 0x0 [0265.726] GetAsyncKeyState (vKey=152) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=153) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=154) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=155) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=156) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=157) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=158) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=159) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=160) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=161) returned 0 [0265.727] GetLastError () returned 0x0 [0265.727] GetAsyncKeyState (vKey=162) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=163) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=164) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=165) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=166) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=167) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=168) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=169) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=170) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=171) returned 0 [0265.728] GetLastError () returned 0x0 [0265.728] GetAsyncKeyState (vKey=172) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=173) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=174) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=175) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=176) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=177) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=178) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=179) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=180) returned 0 [0265.729] GetLastError () returned 0x0 [0265.729] GetAsyncKeyState (vKey=181) returned 0 [0265.729] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=182) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=183) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=184) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=185) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=186) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=187) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=188) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=189) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=190) returned 0 [0265.730] GetLastError () returned 0x0 [0265.730] GetAsyncKeyState (vKey=191) returned 0 [0265.730] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=192) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=193) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=194) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=195) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=196) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=197) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=198) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=199) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=200) returned 0 [0265.731] GetLastError () returned 0x0 [0265.731] GetAsyncKeyState (vKey=201) returned 0 [0265.731] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=202) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=203) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=204) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=205) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=206) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=207) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=208) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=209) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=210) returned 0 [0265.732] GetLastError () returned 0x0 [0265.732] GetAsyncKeyState (vKey=211) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=212) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=213) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=214) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=215) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=216) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=217) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=218) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=219) returned 0 [0265.733] GetLastError () returned 0x0 [0265.733] GetAsyncKeyState (vKey=220) returned 0 [0265.733] GetLastError () returned 0x0 [0265.734] GetAsyncKeyState (vKey=221) returned 0 [0265.734] GetLastError () returned 0x0 [0265.734] GetAsyncKeyState (vKey=222) returned 0 [0265.734] GetLastError () returned 0x0 [0265.734] GetAsyncKeyState (vKey=223) returned 0 [0265.734] GetLastError () returned 0x0 [0265.734] GetAsyncKeyState (vKey=224) returned 0 [0265.734] GetLastError () returned 0x0 [0265.734] GetAsyncKeyState (vKey=225) returned 0 [0265.734] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=226) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=227) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=228) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=229) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=230) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=231) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=232) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=233) returned 0 [0265.735] GetLastError () returned 0x0 [0265.735] GetAsyncKeyState (vKey=234) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=235) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=236) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=237) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=238) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=239) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=240) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=241) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=242) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=243) returned 0 [0265.736] GetLastError () returned 0x0 [0265.736] GetAsyncKeyState (vKey=244) returned 0 [0265.737] GetLastError () returned 0x0 [0265.737] GetAsyncKeyState (vKey=245) returned 0 [0265.737] GetLastError () returned 0x0 [0265.737] GetAsyncKeyState (vKey=246) returned 0 [0265.737] GetLastError () returned 0x0 [0265.737] GetAsyncKeyState (vKey=247) returned 0 [0265.737] GetLastError () returned 0x0 [0265.737] GetAsyncKeyState (vKey=248) returned 0 [0265.737] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.033] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.034] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.035] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.036] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.037] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.038] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.039] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.040] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.041] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.042] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.043] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.044] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.045] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.046] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.047] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0268.048] GetLastError () returned 0x0 [0283.292] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x2001f, phkResult=0x528f13c | out: phkResult=0x528f13c*=0x450) returned 0x0 [0283.293] RegQueryValueExW (in: hKey=0x450, lpValueName="[kl]", lpReserved=0x0, lpType=0x528f194, lpData=0x0, lpcbData=0x528f190*=0x0 | out: lpType=0x528f194*=0x1, lpData=0x0, lpcbData=0x528f190*=0x2) returned 0x0 [0283.293] RegSetValueExW (in: hKey=0x450, lpValueName="[kl]", Reserved=0x0, dwType=0x1, lpData="", cbData=0x2 | out: lpData="") returned 0x0 [0283.303] GetAsyncKeyState (vKey=0) returned 0 [0283.303] GetKeyState (nVirtKey=16) returned 0 [0283.303] GetKeyState (nVirtKey=17) returned 0 [0283.303] GetKeyState (nVirtKey=18) returned 0 [0283.303] GetAsyncKeyState (vKey=1) returned 0 [0283.303] GetLastError () returned 0x0 [0283.303] GetKeyState (nVirtKey=16) returned 0 [0283.303] GetKeyState (nVirtKey=17) returned 0 [0283.303] GetKeyState (nVirtKey=18) returned 0 [0283.303] GetAsyncKeyState (vKey=2) returned 0 [0283.303] GetLastError () returned 0x0 [0283.303] GetKeyState (nVirtKey=16) returned 0 [0283.303] GetKeyState (nVirtKey=17) returned 0 [0283.303] GetKeyState (nVirtKey=18) returned 0 [0283.303] GetAsyncKeyState (vKey=3) returned 0 [0283.303] GetLastError () returned 0x0 [0283.303] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=4) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=5) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=6) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=7) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=8) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=9) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=10) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.304] GetAsyncKeyState (vKey=11) returned 0 [0283.304] GetLastError () returned 0x0 [0283.304] GetKeyState (nVirtKey=16) returned 0 [0283.304] GetKeyState (nVirtKey=17) returned 0 [0283.304] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=12) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=13) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=14) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=15) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=16) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=17) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=18) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.305] GetAsyncKeyState (vKey=19) returned 0 [0283.305] GetLastError () returned 0x0 [0283.305] GetKeyState (nVirtKey=16) returned 0 [0283.305] GetKeyState (nVirtKey=17) returned 0 [0283.305] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=20) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=21) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=22) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=23) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=24) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=25) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=26) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.306] GetAsyncKeyState (vKey=27) returned 0 [0283.306] GetLastError () returned 0x0 [0283.306] GetKeyState (nVirtKey=16) returned 0 [0283.306] GetKeyState (nVirtKey=17) returned 0 [0283.306] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=28) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=29) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=30) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=31) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=32) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=33) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=34) returned 0 [0283.307] GetLastError () returned 0x0 [0283.307] GetKeyState (nVirtKey=16) returned 0 [0283.307] GetKeyState (nVirtKey=17) returned 0 [0283.307] GetKeyState (nVirtKey=18) returned 0 [0283.307] GetAsyncKeyState (vKey=35) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=36) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=37) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=38) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=39) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=40) returned 0 [0283.308] GetLastError () returned 0x0 [0283.308] GetKeyState (nVirtKey=16) returned 0 [0283.308] GetKeyState (nVirtKey=17) returned 0 [0283.308] GetKeyState (nVirtKey=18) returned 0 [0283.308] GetAsyncKeyState (vKey=41) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=42) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=43) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=44) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=45) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=46) returned 0 [0283.309] GetLastError () returned 0x0 [0283.309] GetKeyState (nVirtKey=16) returned 0 [0283.309] GetKeyState (nVirtKey=17) returned 0 [0283.309] GetKeyState (nVirtKey=18) returned 0 [0283.309] GetAsyncKeyState (vKey=47) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=48) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=49) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=50) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=51) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=52) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.310] GetKeyState (nVirtKey=17) returned 0 [0283.310] GetKeyState (nVirtKey=18) returned 0 [0283.310] GetAsyncKeyState (vKey=53) returned 0 [0283.310] GetLastError () returned 0x0 [0283.310] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=54) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=55) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=56) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=57) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=58) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.311] GetKeyState (nVirtKey=18) returned 0 [0283.311] GetAsyncKeyState (vKey=59) returned 0 [0283.311] GetLastError () returned 0x0 [0283.311] GetKeyState (nVirtKey=16) returned 0 [0283.311] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=60) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=61) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=62) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=63) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=64) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.312] GetAsyncKeyState (vKey=65) returned 0 [0283.312] GetLastError () returned 0x0 [0283.312] GetKeyState (nVirtKey=16) returned 0 [0283.312] GetKeyState (nVirtKey=17) returned 0 [0283.312] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=66) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.313] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=67) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.313] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=68) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.313] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=69) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.313] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=70) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.313] GetKeyState (nVirtKey=18) returned 0 [0283.313] GetAsyncKeyState (vKey=71) returned 0 [0283.313] GetLastError () returned 0x0 [0283.313] GetKeyState (nVirtKey=16) returned 0 [0283.313] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=72) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=73) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=74) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=75) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=76) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.314] GetKeyState (nVirtKey=18) returned 0 [0283.314] GetAsyncKeyState (vKey=77) returned 0 [0283.314] GetLastError () returned 0x0 [0283.314] GetKeyState (nVirtKey=16) returned 0 [0283.314] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=78) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetKeyState (nVirtKey=16) returned 0 [0283.315] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=79) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetKeyState (nVirtKey=16) returned 0 [0283.315] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=80) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetKeyState (nVirtKey=16) returned 0 [0283.315] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=81) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetKeyState (nVirtKey=16) returned 0 [0283.315] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=82) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetKeyState (nVirtKey=16) returned 0 [0283.315] GetKeyState (nVirtKey=17) returned 0 [0283.315] GetKeyState (nVirtKey=18) returned 0 [0283.315] GetAsyncKeyState (vKey=83) returned 0 [0283.315] GetLastError () returned 0x0 [0283.315] GetAsyncKeyState (vKey=84) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=85) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=86) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=87) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=88) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=89) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=90) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=91) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=92) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=93) returned 0 [0283.316] GetLastError () returned 0x0 [0283.316] GetAsyncKeyState (vKey=94) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=95) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=96) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=97) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=98) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=99) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=100) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=101) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=102) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=103) returned 0 [0283.317] GetLastError () returned 0x0 [0283.317] GetAsyncKeyState (vKey=104) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=105) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=106) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=107) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=108) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=109) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=110) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=111) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=112) returned 0 [0283.318] GetLastError () returned 0x0 [0283.318] GetAsyncKeyState (vKey=113) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=114) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=115) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=116) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=117) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=118) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=119) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=120) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=121) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=122) returned 0 [0283.319] GetLastError () returned 0x0 [0283.319] GetAsyncKeyState (vKey=123) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=124) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=125) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=126) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=127) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=128) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=129) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=130) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=131) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=132) returned 0 [0283.320] GetLastError () returned 0x0 [0283.320] GetAsyncKeyState (vKey=133) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=134) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=135) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=136) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=137) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=138) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=139) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=140) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=141) returned 0 [0283.321] GetLastError () returned 0x0 [0283.321] GetAsyncKeyState (vKey=142) returned 0 [0283.321] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=143) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=144) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=145) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=146) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=147) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=148) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=149) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=150) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=151) returned 0 [0283.322] GetLastError () returned 0x0 [0283.322] GetAsyncKeyState (vKey=152) returned 0 [0283.322] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=153) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=154) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=155) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=156) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=157) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=158) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=159) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=160) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=161) returned 0 [0283.323] GetLastError () returned 0x0 [0283.323] GetAsyncKeyState (vKey=162) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=163) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=164) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=165) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=166) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=167) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=168) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=169) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=170) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=171) returned 0 [0283.324] GetLastError () returned 0x0 [0283.324] GetAsyncKeyState (vKey=172) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=173) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=174) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=175) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=176) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=177) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=178) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=179) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=180) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=181) returned 0 [0283.325] GetLastError () returned 0x0 [0283.325] GetAsyncKeyState (vKey=182) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=183) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=184) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=185) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=186) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=187) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=188) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=189) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=190) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=191) returned 0 [0283.326] GetLastError () returned 0x0 [0283.326] GetAsyncKeyState (vKey=192) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=193) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=194) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=195) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=196) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=197) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=198) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=199) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=200) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=201) returned 0 [0283.327] GetLastError () returned 0x0 [0283.327] GetAsyncKeyState (vKey=202) returned 0 [0283.327] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=203) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=204) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=205) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=206) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=207) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=208) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=209) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=210) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=211) returned 0 [0283.328] GetLastError () returned 0x0 [0283.328] GetAsyncKeyState (vKey=212) returned 0 [0283.328] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=213) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=214) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=215) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=216) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=217) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=218) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=219) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=220) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=221) returned 0 [0283.329] GetLastError () returned 0x0 [0283.329] GetAsyncKeyState (vKey=222) returned 0 [0283.329] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=223) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=224) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=225) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=226) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=227) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=228) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=229) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=230) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=231) returned 0 [0283.330] GetLastError () returned 0x0 [0283.330] GetAsyncKeyState (vKey=232) returned 0 [0283.330] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=233) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=234) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=235) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=236) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=237) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=238) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=239) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=240) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=241) returned 0 [0283.331] GetLastError () returned 0x0 [0283.331] GetAsyncKeyState (vKey=242) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=243) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=244) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=245) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=246) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=247) returned 0 [0283.332] GetLastError () returned 0x0 [0283.332] GetAsyncKeyState (vKey=248) returned 0 [0283.332] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.338] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.339] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.340] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.341] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.342] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.343] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.344] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.345] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.346] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.347] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.348] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.349] GetLastError () returned 0x0 [0284.350] GetLastError () returned 0x0 [0284.360] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.361] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.362] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.363] GetLastError () returned 0x0 [0284.364] GetLastError () returned 0x0 [0284.364] GetLastError () returned 0x0 [0284.364] GetLastError () returned 0x0 [0292.561] GetKeyState (nVirtKey=17) returned 0 [0292.561] GetKeyState (nVirtKey=18) returned 0 [0292.561] GetAsyncKeyState (vKey=1) returned 0 [0292.561] GetKeyState (nVirtKey=16) returned 0 [0292.561] GetKeyState (nVirtKey=17) returned 0 [0292.561] GetKeyState (nVirtKey=18) returned 0 [0292.561] GetAsyncKeyState (vKey=2) returned 0 [0292.561] GetKeyState (nVirtKey=16) returned 0 [0292.561] GetKeyState (nVirtKey=17) returned 0 [0292.561] GetKeyState (nVirtKey=18) returned 0 [0292.561] GetAsyncKeyState (vKey=3) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=4) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=5) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=6) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=7) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=8) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=9) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=10) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.562] GetKeyState (nVirtKey=17) returned 0 [0292.562] GetKeyState (nVirtKey=18) returned 0 [0292.562] GetAsyncKeyState (vKey=11) returned 0 [0292.562] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=12) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=13) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=14) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=15) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=18) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.563] GetKeyState (nVirtKey=17) returned 0 [0292.563] GetKeyState (nVirtKey=18) returned 0 [0292.563] GetAsyncKeyState (vKey=19) returned 0 [0292.563] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=20) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=21) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=22) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=23) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=24) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=25) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=26) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.564] GetKeyState (nVirtKey=18) returned 0 [0292.564] GetAsyncKeyState (vKey=27) returned 0 [0292.564] GetKeyState (nVirtKey=16) returned 0 [0292.564] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=28) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=29) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=30) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=31) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=32) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=33) returned 0 [0292.565] GetKeyState (nVirtKey=16) returned 0 [0292.565] GetKeyState (nVirtKey=17) returned 0 [0292.565] GetKeyState (nVirtKey=18) returned 0 [0292.565] GetAsyncKeyState (vKey=34) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=35) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=36) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=37) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=38) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=39) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.566] GetKeyState (nVirtKey=17) returned 0 [0292.566] GetKeyState (nVirtKey=18) returned 0 [0292.566] GetAsyncKeyState (vKey=40) returned 0 [0292.566] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=41) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=42) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=43) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=44) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=45) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=46) returned 0 [0292.567] GetKeyState (nVirtKey=16) returned 0 [0292.567] GetKeyState (nVirtKey=17) returned 0 [0292.567] GetKeyState (nVirtKey=18) returned 0 [0292.567] GetAsyncKeyState (vKey=47) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=48) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=49) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=50) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=51) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=52) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.568] GetKeyState (nVirtKey=18) returned 0 [0292.568] GetAsyncKeyState (vKey=53) returned 0 [0292.568] GetKeyState (nVirtKey=16) returned 0 [0292.568] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=54) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=55) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=56) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=57) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=58) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=59) returned 0 [0292.569] GetKeyState (nVirtKey=16) returned 0 [0292.569] GetKeyState (nVirtKey=17) returned 0 [0292.569] GetKeyState (nVirtKey=18) returned 0 [0292.569] GetAsyncKeyState (vKey=60) returned 0 [0292.570] GetKeyState (nVirtKey=16) returned 0 [0292.570] GetKeyState (nVirtKey=17) returned 0 [0292.570] GetKeyState (nVirtKey=18) returned 0 [0292.570] GetAsyncKeyState (vKey=61) returned 0 [0292.570] GetKeyState (nVirtKey=16) returned 0 [0292.570] GetKeyState (nVirtKey=17) returned 0 [0292.570] GetKeyState (nVirtKey=18) returned 0 [0292.570] GetAsyncKeyState (vKey=62) returned 0 [0292.570] GetKeyState (nVirtKey=16) returned 0 [0292.570] GetKeyState (nVirtKey=17) returned 0 [0292.570] GetKeyState (nVirtKey=18) returned 0 [0292.570] GetAsyncKeyState (vKey=63) returned 0 [0292.570] GetKeyState (nVirtKey=16) returned 0 [0292.570] GetKeyState (nVirtKey=17) returned 0 [0292.570] GetKeyState (nVirtKey=18) returned 0 [0292.570] GetAsyncKeyState (vKey=64) returned 0 [0292.570] GetKeyState (nVirtKey=16) returned 0 [0292.570] GetKeyState (nVirtKey=17) returned 0 [0292.570] GetKeyState (nVirtKey=18) returned 0 [0292.570] GetAsyncKeyState (vKey=65) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=66) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=67) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=68) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=69) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=70) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.571] GetKeyState (nVirtKey=18) returned 0 [0292.571] GetAsyncKeyState (vKey=71) returned 0 [0292.571] GetKeyState (nVirtKey=16) returned 0 [0292.571] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=72) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=73) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=74) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=75) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=76) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=77) returned 0 [0292.572] GetKeyState (nVirtKey=16) returned 0 [0292.572] GetKeyState (nVirtKey=17) returned 0 [0292.572] GetKeyState (nVirtKey=18) returned 0 [0292.572] GetAsyncKeyState (vKey=78) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.573] GetKeyState (nVirtKey=17) returned 0 [0292.573] GetKeyState (nVirtKey=18) returned 0 [0292.573] GetAsyncKeyState (vKey=79) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.573] GetKeyState (nVirtKey=17) returned 0 [0292.573] GetKeyState (nVirtKey=18) returned 0 [0292.573] GetAsyncKeyState (vKey=80) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.573] GetKeyState (nVirtKey=17) returned 0 [0292.573] GetKeyState (nVirtKey=18) returned 0 [0292.573] GetAsyncKeyState (vKey=81) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.573] GetKeyState (nVirtKey=17) returned 0 [0292.573] GetKeyState (nVirtKey=18) returned 0 [0292.573] GetAsyncKeyState (vKey=82) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.573] GetKeyState (nVirtKey=17) returned 0 [0292.573] GetKeyState (nVirtKey=18) returned 0 [0292.573] GetAsyncKeyState (vKey=83) returned 0 [0292.573] GetKeyState (nVirtKey=16) returned 0 [0292.574] GetAsyncKeyState (vKey=84) returned 0 [0292.574] GetAsyncKeyState (vKey=85) returned 0 [0292.574] GetAsyncKeyState (vKey=86) returned 0 [0292.574] GetAsyncKeyState (vKey=87) returned 0 [0292.574] GetAsyncKeyState (vKey=88) returned 0 [0292.574] GetAsyncKeyState (vKey=89) returned 0 [0292.574] GetAsyncKeyState (vKey=90) returned 0 [0292.574] GetAsyncKeyState (vKey=91) returned 0 [0292.574] GetAsyncKeyState (vKey=92) returned 0 [0292.574] GetAsyncKeyState (vKey=93) returned 0 [0292.574] GetAsyncKeyState (vKey=94) returned 0 [0292.574] GetAsyncKeyState (vKey=95) returned 0 [0292.575] GetAsyncKeyState (vKey=96) returned 0 [0292.575] GetAsyncKeyState (vKey=97) returned 0 [0292.575] GetAsyncKeyState (vKey=98) returned 0 [0292.575] GetAsyncKeyState (vKey=99) returned 0 [0292.575] GetAsyncKeyState (vKey=100) returned 0 [0292.575] GetAsyncKeyState (vKey=101) returned 0 [0292.575] GetAsyncKeyState (vKey=102) returned 0 [0292.575] GetAsyncKeyState (vKey=103) returned 0 [0292.575] GetAsyncKeyState (vKey=104) returned 0 [0292.575] GetAsyncKeyState (vKey=105) returned 0 [0292.575] GetAsyncKeyState (vKey=106) returned 0 [0292.575] GetAsyncKeyState (vKey=107) returned 0 [0292.575] GetAsyncKeyState (vKey=108) returned 0 [0292.576] GetAsyncKeyState (vKey=109) returned 0 [0292.576] GetAsyncKeyState (vKey=110) returned 0 [0292.576] GetAsyncKeyState (vKey=111) returned 0 [0292.576] GetAsyncKeyState (vKey=112) returned 0 [0292.576] GetAsyncKeyState (vKey=113) returned 0 [0292.576] GetAsyncKeyState (vKey=114) returned 0 [0292.576] GetAsyncKeyState (vKey=115) returned 0 [0292.576] GetAsyncKeyState (vKey=116) returned 0 [0292.576] GetAsyncKeyState (vKey=117) returned 0 [0292.576] GetAsyncKeyState (vKey=118) returned 0 [0292.576] GetAsyncKeyState (vKey=119) returned 0 [0292.576] GetAsyncKeyState (vKey=120) returned 0 [0292.576] GetAsyncKeyState (vKey=121) returned 0 [0292.577] GetAsyncKeyState (vKey=122) returned 0 [0292.577] GetAsyncKeyState (vKey=123) returned 0 [0292.577] GetAsyncKeyState (vKey=124) returned 0 [0292.577] GetAsyncKeyState (vKey=125) returned 0 [0292.577] GetAsyncKeyState (vKey=126) returned 0 [0292.577] GetAsyncKeyState (vKey=127) returned 0 [0292.577] GetAsyncKeyState (vKey=128) returned 0 [0292.577] GetAsyncKeyState (vKey=129) returned 0 [0292.577] GetAsyncKeyState (vKey=130) returned 0 [0292.577] GetAsyncKeyState (vKey=131) returned 0 [0292.577] GetAsyncKeyState (vKey=132) returned 0 [0292.577] GetAsyncKeyState (vKey=133) returned 0 [0292.578] GetAsyncKeyState (vKey=134) returned 0 [0292.578] GetAsyncKeyState (vKey=135) returned 0 [0292.578] GetAsyncKeyState (vKey=136) returned 0 [0292.578] GetAsyncKeyState (vKey=137) returned 0 [0292.578] GetAsyncKeyState (vKey=138) returned 0 [0292.578] GetAsyncKeyState (vKey=139) returned 0 [0292.578] GetAsyncKeyState (vKey=140) returned 0 [0292.578] GetAsyncKeyState (vKey=141) returned 0 [0292.578] GetAsyncKeyState (vKey=142) returned 0 [0292.578] GetAsyncKeyState (vKey=143) returned 0 [0292.578] GetAsyncKeyState (vKey=144) returned 0 [0292.578] GetAsyncKeyState (vKey=145) returned 0 [0292.578] GetAsyncKeyState (vKey=146) returned 0 [0292.579] GetAsyncKeyState (vKey=147) returned 0 [0292.581] GetAsyncKeyState (vKey=148) returned 0 [0292.581] GetAsyncKeyState (vKey=149) returned 0 [0292.581] GetAsyncKeyState (vKey=150) returned 0 [0292.582] GetAsyncKeyState (vKey=151) returned 0 [0292.582] GetAsyncKeyState (vKey=152) returned 0 [0292.582] GetAsyncKeyState (vKey=153) returned 0 [0292.582] GetAsyncKeyState (vKey=154) returned 0 [0292.582] GetAsyncKeyState (vKey=155) returned 0 [0292.582] GetAsyncKeyState (vKey=156) returned 0 [0292.582] GetAsyncKeyState (vKey=157) returned 0 [0292.582] GetAsyncKeyState (vKey=158) returned 0 [0292.582] GetAsyncKeyState (vKey=159) returned 0 [0292.582] GetAsyncKeyState (vKey=160) returned 0 [0292.582] GetAsyncKeyState (vKey=161) returned 0 [0292.582] GetAsyncKeyState (vKey=162) returned 0 [0292.582] GetAsyncKeyState (vKey=163) returned 0 [0292.583] GetAsyncKeyState (vKey=164) returned 0 [0292.583] GetAsyncKeyState (vKey=165) returned 0 [0292.583] GetAsyncKeyState (vKey=166) returned 0 [0292.583] GetAsyncKeyState (vKey=167) returned 0 [0292.583] GetAsyncKeyState (vKey=168) returned 0 [0292.583] GetAsyncKeyState (vKey=169) returned 0 [0292.583] GetAsyncKeyState (vKey=170) returned 0 [0292.583] GetAsyncKeyState (vKey=171) returned 0 [0292.583] GetAsyncKeyState (vKey=172) returned 0 [0292.583] GetAsyncKeyState (vKey=173) returned 0 [0292.583] GetAsyncKeyState (vKey=174) returned 0 [0292.583] GetAsyncKeyState (vKey=175) returned 0 [0292.583] GetAsyncKeyState (vKey=176) returned 0 [0292.584] GetAsyncKeyState (vKey=177) returned 0 [0292.584] GetAsyncKeyState (vKey=178) returned 0 [0292.584] GetAsyncKeyState (vKey=179) returned 0 [0292.584] GetAsyncKeyState (vKey=180) returned 0 [0292.584] GetAsyncKeyState (vKey=181) returned 0 [0292.584] GetAsyncKeyState (vKey=182) returned 0 [0292.584] GetAsyncKeyState (vKey=183) returned 0 [0292.584] GetAsyncKeyState (vKey=184) returned 0 [0292.584] GetAsyncKeyState (vKey=185) returned 0 [0292.584] GetAsyncKeyState (vKey=186) returned 0 [0292.584] GetAsyncKeyState (vKey=187) returned 0 [0292.584] GetAsyncKeyState (vKey=188) returned 0 [0292.585] GetAsyncKeyState (vKey=189) returned 0 [0292.585] GetAsyncKeyState (vKey=190) returned 0 [0292.585] GetAsyncKeyState (vKey=191) returned 0 [0292.585] GetAsyncKeyState (vKey=192) returned 0 [0292.585] GetAsyncKeyState (vKey=193) returned 0 [0292.585] GetAsyncKeyState (vKey=194) returned 0 [0292.585] GetAsyncKeyState (vKey=195) returned 0 [0292.585] GetAsyncKeyState (vKey=196) returned 0 [0292.585] GetAsyncKeyState (vKey=197) returned 0 [0292.585] GetAsyncKeyState (vKey=198) returned 0 [0292.585] GetAsyncKeyState (vKey=199) returned 0 [0292.585] GetAsyncKeyState (vKey=200) returned 0 [0292.585] GetAsyncKeyState (vKey=201) returned 0 [0292.586] GetAsyncKeyState (vKey=202) returned 0 [0292.586] GetAsyncKeyState (vKey=203) returned 0 [0292.586] GetAsyncKeyState (vKey=204) returned 0 [0292.586] GetAsyncKeyState (vKey=205) returned 0 [0292.586] GetAsyncKeyState (vKey=206) returned 0 [0292.586] GetAsyncKeyState (vKey=207) returned 0 [0292.586] GetAsyncKeyState (vKey=208) returned 0 [0292.586] GetAsyncKeyState (vKey=209) returned 0 [0292.586] GetAsyncKeyState (vKey=210) returned 0 [0292.587] GetAsyncKeyState (vKey=211) returned 0 [0292.587] GetAsyncKeyState (vKey=212) returned 0 [0292.587] GetAsyncKeyState (vKey=213) returned 0 [0292.587] GetAsyncKeyState (vKey=214) returned 0 [0292.587] GetAsyncKeyState (vKey=215) returned 0 [0292.587] GetAsyncKeyState (vKey=216) returned 0 [0292.587] GetAsyncKeyState (vKey=217) returned 0 [0292.587] GetAsyncKeyState (vKey=218) returned 0 [0292.587] GetAsyncKeyState (vKey=219) returned 0 [0292.587] GetAsyncKeyState (vKey=220) returned 0 [0292.587] GetAsyncKeyState (vKey=221) returned 0 [0292.587] GetAsyncKeyState (vKey=222) returned 0 [0292.587] GetAsyncKeyState (vKey=223) returned 0 [0292.588] GetAsyncKeyState (vKey=224) returned 0 [0292.588] GetAsyncKeyState (vKey=225) returned 0 [0292.588] GetAsyncKeyState (vKey=226) returned 0 [0292.588] GetAsyncKeyState (vKey=227) returned 0 [0292.588] GetAsyncKeyState (vKey=228) returned 0 [0292.588] GetAsyncKeyState (vKey=229) returned 0 [0292.588] GetAsyncKeyState (vKey=230) returned 0 [0292.588] GetAsyncKeyState (vKey=231) returned 0 [0292.588] GetAsyncKeyState (vKey=232) returned 0 [0292.588] GetAsyncKeyState (vKey=233) returned 0 [0292.588] GetAsyncKeyState (vKey=234) returned 0 [0292.588] GetAsyncKeyState (vKey=235) returned 0 [0292.589] GetAsyncKeyState (vKey=236) returned 0 [0292.589] GetAsyncKeyState (vKey=237) returned 0 [0292.589] GetAsyncKeyState (vKey=238) returned 0 [0292.589] GetAsyncKeyState (vKey=239) returned 0 [0292.589] GetAsyncKeyState (vKey=240) returned 0 [0292.589] GetAsyncKeyState (vKey=241) returned 0 [0292.589] GetAsyncKeyState (vKey=242) returned 0 [0292.589] GetAsyncKeyState (vKey=243) returned 0 [0292.589] GetAsyncKeyState (vKey=244) returned 0 [0292.589] GetAsyncKeyState (vKey=245) returned 0 [0292.590] GetAsyncKeyState (vKey=246) returned 0 [0292.590] GetAsyncKeyState (vKey=247) returned 0 [0292.590] GetAsyncKeyState (vKey=248) returned 0 [0292.590] GetAsyncKeyState (vKey=249) returned 0 [0304.795] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x2001f, phkResult=0x528f13c | out: phkResult=0x528f13c*=0x4ac) returned 0x0 [0304.795] RegQueryValueExW (in: hKey=0x4ac, lpValueName="[kl]", lpReserved=0x0, lpType=0x528f194, lpData=0x0, lpcbData=0x528f190*=0x0 | out: lpType=0x528f194*=0x1, lpData=0x0, lpcbData=0x528f190*=0x2) returned 0x0 [0304.795] RegSetValueExW (in: hKey=0x4ac, lpValueName="[kl]", Reserved=0x0, dwType=0x1, lpData="", cbData=0x2 | out: lpData="") returned 0x0 [0304.799] GetAsyncKeyState (vKey=0) returned 0 [0304.799] GetLastError () returned 0x0 [0304.799] GetKeyState (nVirtKey=16) returned 0 [0304.799] GetKeyState (nVirtKey=17) returned 0 [0304.799] GetKeyState (nVirtKey=18) returned 0 [0304.799] GetAsyncKeyState (vKey=1) returned 0 [0304.799] GetLastError () returned 0x0 [0304.799] GetKeyState (nVirtKey=16) returned 0 [0304.799] GetKeyState (nVirtKey=17) returned 0 [0304.799] GetKeyState (nVirtKey=18) returned 0 [0304.799] GetAsyncKeyState (vKey=2) returned 0 [0304.799] GetLastError () returned 0x0 [0304.799] GetKeyState (nVirtKey=16) returned 0 [0304.799] GetKeyState (nVirtKey=17) returned 0 [0304.799] GetKeyState (nVirtKey=18) returned 0 [0304.799] GetAsyncKeyState (vKey=3) returned 0 [0304.799] GetLastError () returned 0x0 [0304.799] GetKeyState (nVirtKey=16) returned 0 [0304.799] GetKeyState (nVirtKey=17) returned 0 [0304.799] GetKeyState (nVirtKey=18) returned 0 [0304.799] GetAsyncKeyState (vKey=4) returned 0 [0304.799] GetLastError () returned 0x0 [0304.799] GetKeyState (nVirtKey=16) returned 0 [0304.799] GetKeyState (nVirtKey=17) returned 0 [0304.799] GetKeyState (nVirtKey=18) returned 0 [0304.799] GetAsyncKeyState (vKey=5) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=6) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=7) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=8) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=9) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=10) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.800] GetKeyState (nVirtKey=17) returned 0 [0304.800] GetKeyState (nVirtKey=18) returned 0 [0304.800] GetAsyncKeyState (vKey=11) returned 0 [0304.800] GetLastError () returned 0x0 [0304.800] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=12) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=13) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=14) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=15) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=16) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.801] GetAsyncKeyState (vKey=17) returned 0 [0304.801] GetLastError () returned 0x0 [0304.801] GetKeyState (nVirtKey=16) returned 0 [0304.801] GetKeyState (nVirtKey=17) returned 0 [0304.801] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=18) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.802] GetKeyState (nVirtKey=17) returned 0 [0304.802] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=19) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.802] GetKeyState (nVirtKey=17) returned 0 [0304.802] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=20) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.802] GetKeyState (nVirtKey=17) returned 0 [0304.802] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=21) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.802] GetKeyState (nVirtKey=17) returned 0 [0304.802] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=22) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.802] GetKeyState (nVirtKey=17) returned 0 [0304.802] GetKeyState (nVirtKey=18) returned 0 [0304.802] GetAsyncKeyState (vKey=23) returned 0 [0304.802] GetLastError () returned 0x0 [0304.802] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=24) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=25) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=26) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=27) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=28) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.803] GetAsyncKeyState (vKey=29) returned 0 [0304.803] GetLastError () returned 0x0 [0304.803] GetKeyState (nVirtKey=16) returned 0 [0304.803] GetKeyState (nVirtKey=17) returned 0 [0304.803] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=30) returned 0 [0304.804] GetLastError () returned 0x0 [0304.804] GetKeyState (nVirtKey=16) returned 0 [0304.804] GetKeyState (nVirtKey=17) returned 0 [0304.804] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=31) returned 0 [0304.804] GetLastError () returned 0x0 [0304.804] GetKeyState (nVirtKey=16) returned 0 [0304.804] GetKeyState (nVirtKey=17) returned 0 [0304.804] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=32) returned 0 [0304.804] GetLastError () returned 0x0 [0304.804] GetKeyState (nVirtKey=16) returned 0 [0304.804] GetKeyState (nVirtKey=17) returned 0 [0304.804] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=33) returned 0 [0304.804] GetLastError () returned 0x0 [0304.804] GetKeyState (nVirtKey=16) returned 0 [0304.804] GetKeyState (nVirtKey=17) returned 0 [0304.804] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=34) returned 0 [0304.804] GetLastError () returned 0x0 [0304.804] GetKeyState (nVirtKey=16) returned 0 [0304.804] GetKeyState (nVirtKey=17) returned 0 [0304.804] GetKeyState (nVirtKey=18) returned 0 [0304.804] GetAsyncKeyState (vKey=35) returned 0 [0304.805] GetLastError () returned 0x0 [0304.805] GetKeyState (nVirtKey=16) returned 0 [0304.805] GetKeyState (nVirtKey=17) returned 0 [0304.805] GetKeyState (nVirtKey=18) returned 0 [0304.805] GetAsyncKeyState (vKey=36) returned 0 [0304.805] GetLastError () returned 0x0 [0304.805] GetKeyState (nVirtKey=16) returned 0 [0304.805] GetKeyState (nVirtKey=17) returned 0 [0304.805] GetKeyState (nVirtKey=18) returned 0 [0304.805] GetAsyncKeyState (vKey=37) returned 0 [0304.805] GetLastError () returned 0x0 [0304.805] GetKeyState (nVirtKey=16) returned 0 [0304.805] GetKeyState (nVirtKey=17) returned 0 [0304.805] GetKeyState (nVirtKey=18) returned 0 [0304.805] GetAsyncKeyState (vKey=38) returned 0 [0304.805] GetLastError () returned 0x0 [0304.805] GetKeyState (nVirtKey=16) returned 0 [0304.805] GetKeyState (nVirtKey=17) returned 0 [0304.805] GetKeyState (nVirtKey=18) returned 0 [0304.805] GetAsyncKeyState (vKey=39) returned 0 [0304.806] GetLastError () returned 0x0 [0304.806] GetKeyState (nVirtKey=16) returned 0 [0304.806] GetKeyState (nVirtKey=17) returned 0 [0304.806] GetKeyState (nVirtKey=18) returned 0 [0304.806] GetAsyncKeyState (vKey=40) returned 0 [0304.806] GetLastError () returned 0x0 [0304.806] GetKeyState (nVirtKey=16) returned 0 [0304.806] GetKeyState (nVirtKey=17) returned 0 [0304.806] GetKeyState (nVirtKey=18) returned 0 [0304.806] GetAsyncKeyState (vKey=41) returned 0 [0304.806] GetLastError () returned 0x0 [0304.806] GetKeyState (nVirtKey=16) returned 0 [0304.806] GetKeyState (nVirtKey=17) returned 0 [0304.806] GetKeyState (nVirtKey=18) returned 0 [0304.806] GetAsyncKeyState (vKey=42) returned 0 [0304.806] GetLastError () returned 0x0 [0304.806] GetKeyState (nVirtKey=16) returned 0 [0304.806] GetKeyState (nVirtKey=17) returned 0 [0304.806] GetKeyState (nVirtKey=18) returned 0 [0304.806] GetAsyncKeyState (vKey=43) returned 0 [0304.806] GetLastError () returned 0x0 [0304.807] GetKeyState (nVirtKey=16) returned 0 [0304.807] GetKeyState (nVirtKey=17) returned 0 [0304.807] GetKeyState (nVirtKey=18) returned 0 [0304.807] GetAsyncKeyState (vKey=44) returned 0 [0304.807] GetLastError () returned 0x0 [0304.807] GetKeyState (nVirtKey=16) returned 0 [0304.807] GetKeyState (nVirtKey=17) returned 0 [0304.807] GetKeyState (nVirtKey=18) returned 0 [0304.807] GetAsyncKeyState (vKey=45) returned 0 [0304.807] GetLastError () returned 0x0 [0304.807] GetKeyState (nVirtKey=16) returned 0 [0304.807] GetKeyState (nVirtKey=17) returned 0 [0304.807] GetKeyState (nVirtKey=18) returned 0 [0304.807] GetAsyncKeyState (vKey=46) returned 0 [0304.807] GetLastError () returned 0x0 [0304.807] GetKeyState (nVirtKey=16) returned 0 [0304.807] GetKeyState (nVirtKey=17) returned 0 [0304.807] GetKeyState (nVirtKey=18) returned 0 [0304.807] GetAsyncKeyState (vKey=47) returned 0 [0304.807] GetLastError () returned 0x0 [0304.807] GetKeyState (nVirtKey=16) returned 0 [0304.807] GetKeyState (nVirtKey=17) returned 0 [0304.807] GetKeyState (nVirtKey=18) returned 0 [0304.807] GetAsyncKeyState (vKey=48) returned 0 [0304.808] GetLastError () returned 0x0 [0304.808] GetKeyState (nVirtKey=16) returned 0 [0304.808] GetKeyState (nVirtKey=17) returned 0 [0304.808] GetKeyState (nVirtKey=18) returned 0 [0304.808] GetAsyncKeyState (vKey=49) returned 0 [0304.808] GetLastError () returned 0x0 [0304.808] GetKeyState (nVirtKey=16) returned 0 [0304.808] GetKeyState (nVirtKey=17) returned 0 [0304.808] GetKeyState (nVirtKey=18) returned 0 [0304.808] GetAsyncKeyState (vKey=50) returned 0 [0304.808] GetLastError () returned 0x0 [0304.808] GetKeyState (nVirtKey=16) returned 0 [0304.808] GetKeyState (nVirtKey=17) returned 0 [0304.808] GetKeyState (nVirtKey=18) returned 0 [0304.808] GetAsyncKeyState (vKey=51) returned 0 [0304.808] GetLastError () returned 0x0 [0304.808] GetKeyState (nVirtKey=16) returned 0 [0304.808] GetKeyState (nVirtKey=17) returned 0 [0304.808] GetKeyState (nVirtKey=18) returned 0 [0304.808] GetAsyncKeyState (vKey=52) returned 0 [0304.808] GetLastError () returned 0x0 [0304.808] GetKeyState (nVirtKey=16) returned 0 [0304.809] GetKeyState (nVirtKey=17) returned 0 [0304.809] GetKeyState (nVirtKey=18) returned 0 [0304.809] GetAsyncKeyState (vKey=53) returned 0 [0304.809] GetLastError () returned 0x0 [0304.809] GetKeyState (nVirtKey=16) returned 0 [0304.809] GetKeyState (nVirtKey=17) returned 0 [0304.809] GetKeyState (nVirtKey=18) returned 0 [0304.809] GetAsyncKeyState (vKey=54) returned 0 [0304.809] GetLastError () returned 0x0 [0304.809] GetKeyState (nVirtKey=16) returned 0 [0304.809] GetKeyState (nVirtKey=17) returned 0 [0304.809] GetKeyState (nVirtKey=18) returned 0 [0304.809] GetAsyncKeyState (vKey=55) returned 0 [0304.809] GetLastError () returned 0x0 [0304.809] GetKeyState (nVirtKey=16) returned 0 [0304.809] GetKeyState (nVirtKey=17) returned 0 [0304.809] GetKeyState (nVirtKey=18) returned 0 [0304.809] GetAsyncKeyState (vKey=56) returned 0 [0304.809] GetLastError () returned 0x0 [0304.809] GetKeyState (nVirtKey=16) returned 0 [0304.809] GetKeyState (nVirtKey=17) returned 0 [0304.809] GetKeyState (nVirtKey=18) returned 0 [0304.809] GetAsyncKeyState (vKey=57) returned 0 [0304.809] GetLastError () returned 0x0 [0304.810] GetKeyState (nVirtKey=16) returned 0 [0304.810] GetKeyState (nVirtKey=17) returned 0 [0304.810] GetKeyState (nVirtKey=18) returned 0 [0304.810] GetAsyncKeyState (vKey=58) returned 0 [0304.810] GetLastError () returned 0x0 [0304.810] GetKeyState (nVirtKey=16) returned 0 [0304.810] GetKeyState (nVirtKey=17) returned 0 [0304.810] GetKeyState (nVirtKey=18) returned 0 [0304.810] GetAsyncKeyState (vKey=59) returned 0 [0304.810] GetLastError () returned 0x0 [0304.810] GetKeyState (nVirtKey=16) returned 0 [0304.810] GetKeyState (nVirtKey=17) returned 0 [0304.810] GetKeyState (nVirtKey=18) returned 0 [0304.810] GetAsyncKeyState (vKey=60) returned 0 [0304.810] GetLastError () returned 0x0 [0304.810] GetKeyState (nVirtKey=16) returned 0 [0304.810] GetKeyState (nVirtKey=17) returned 0 [0304.810] GetKeyState (nVirtKey=18) returned 0 [0304.810] GetAsyncKeyState (vKey=61) returned 0 [0304.810] GetLastError () returned 0x0 [0304.810] GetKeyState (nVirtKey=16) returned 0 [0304.810] GetKeyState (nVirtKey=17) returned 0 [0304.810] GetKeyState (nVirtKey=18) returned 0 [0304.810] GetAsyncKeyState (vKey=62) returned 0 [0304.811] GetLastError () returned 0x0 [0304.811] GetKeyState (nVirtKey=16) returned 0 [0304.811] GetKeyState (nVirtKey=17) returned 0 [0304.811] GetKeyState (nVirtKey=18) returned 0 [0304.811] GetAsyncKeyState (vKey=63) returned 0 [0304.811] GetLastError () returned 0x0 [0304.811] GetKeyState (nVirtKey=16) returned 0 [0304.811] GetKeyState (nVirtKey=17) returned 0 [0304.811] GetKeyState (nVirtKey=18) returned 0 [0304.811] GetAsyncKeyState (vKey=64) returned 0 [0304.811] GetLastError () returned 0x0 [0304.811] GetKeyState (nVirtKey=16) returned 0 [0304.811] GetKeyState (nVirtKey=17) returned 0 [0304.811] GetKeyState (nVirtKey=18) returned 0 [0304.811] GetAsyncKeyState (vKey=65) returned 0 [0304.811] GetLastError () returned 0x0 [0304.811] GetKeyState (nVirtKey=16) returned 0 [0304.811] GetKeyState (nVirtKey=17) returned 0 [0304.811] GetKeyState (nVirtKey=18) returned 0 [0304.811] GetAsyncKeyState (vKey=66) returned 0 [0304.811] GetLastError () returned 0x0 [0304.811] GetKeyState (nVirtKey=16) returned 0 [0304.811] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=67) returned 0 [0304.812] GetLastError () returned 0x0 [0304.812] GetKeyState (nVirtKey=16) returned 0 [0304.812] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=68) returned 0 [0304.812] GetLastError () returned 0x0 [0304.812] GetKeyState (nVirtKey=16) returned 0 [0304.812] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=69) returned 0 [0304.812] GetLastError () returned 0x0 [0304.812] GetKeyState (nVirtKey=16) returned 0 [0304.812] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=70) returned 0 [0304.812] GetLastError () returned 0x0 [0304.812] GetKeyState (nVirtKey=16) returned 0 [0304.812] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=71) returned 0 [0304.812] GetLastError () returned 0x0 [0304.812] GetKeyState (nVirtKey=16) returned 0 [0304.812] GetKeyState (nVirtKey=17) returned 0 [0304.812] GetKeyState (nVirtKey=18) returned 0 [0304.812] GetAsyncKeyState (vKey=72) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.813] GetKeyState (nVirtKey=18) returned 0 [0304.813] GetAsyncKeyState (vKey=73) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.813] GetKeyState (nVirtKey=18) returned 0 [0304.813] GetAsyncKeyState (vKey=74) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.813] GetKeyState (nVirtKey=18) returned 0 [0304.813] GetAsyncKeyState (vKey=75) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.813] GetKeyState (nVirtKey=18) returned 0 [0304.813] GetAsyncKeyState (vKey=76) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.813] GetKeyState (nVirtKey=18) returned 0 [0304.813] GetAsyncKeyState (vKey=77) returned 0 [0304.813] GetLastError () returned 0x0 [0304.813] GetKeyState (nVirtKey=16) returned 0 [0304.813] GetKeyState (nVirtKey=17) returned 0 [0304.814] GetKeyState (nVirtKey=18) returned 0 [0304.814] GetAsyncKeyState (vKey=78) returned 0 [0304.814] GetLastError () returned 0x0 [0304.814] GetKeyState (nVirtKey=16) returned 0 [0304.814] GetKeyState (nVirtKey=17) returned 0 [0304.814] GetKeyState (nVirtKey=18) returned 0 [0304.814] GetAsyncKeyState (vKey=79) returned 0 [0304.817] GetLastError () returned 0x0 [0304.817] GetKeyState (nVirtKey=16) returned 0 [0304.817] GetKeyState (nVirtKey=17) returned 0 [0304.817] GetKeyState (nVirtKey=18) returned 0 [0304.817] GetAsyncKeyState (vKey=80) returned 0 [0304.818] GetLastError () returned 0x0 [0304.818] GetKeyState (nVirtKey=16) returned 0 [0304.818] GetKeyState (nVirtKey=17) returned 0 [0304.818] GetKeyState (nVirtKey=18) returned 0 [0304.818] GetAsyncKeyState (vKey=81) returned 0 [0304.818] GetLastError () returned 0x0 [0304.818] GetKeyState (nVirtKey=16) returned 0 [0304.818] GetKeyState (nVirtKey=17) returned 0 [0304.818] GetKeyState (nVirtKey=18) returned 0 [0304.818] GetAsyncKeyState (vKey=82) returned 0 [0304.818] GetLastError () returned 0x0 [0304.818] GetKeyState (nVirtKey=16) returned 0 [0304.818] GetKeyState (nVirtKey=17) returned 0 [0304.818] GetKeyState (nVirtKey=18) returned 0 [0304.818] GetAsyncKeyState (vKey=83) returned 0 [0304.818] GetLastError () returned 0x0 [0304.818] GetAsyncKeyState (vKey=84) returned 0 [0304.818] GetLastError () returned 0x0 [0304.818] GetAsyncKeyState (vKey=85) returned 0 [0304.818] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=86) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=87) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=88) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=89) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=90) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=91) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=92) returned 0 [0304.819] GetLastError () returned 0x0 [0304.819] GetAsyncKeyState (vKey=93) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=94) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=95) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=96) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=97) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=98) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=99) returned 0 [0304.820] GetLastError () returned 0x0 [0304.820] GetAsyncKeyState (vKey=100) returned 0 [0304.820] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=101) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=102) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=103) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=104) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=105) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=106) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=107) returned 0 [0304.821] GetLastError () returned 0x0 [0304.821] GetAsyncKeyState (vKey=108) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=109) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=110) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=111) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=112) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=113) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=114) returned 0 [0304.822] GetLastError () returned 0x0 [0304.822] GetAsyncKeyState (vKey=115) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=116) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=117) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=118) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=119) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=120) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=121) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=122) returned 0 [0304.823] GetLastError () returned 0x0 [0304.823] GetAsyncKeyState (vKey=123) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=124) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=125) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=126) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=127) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=128) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=129) returned 0 [0304.824] GetLastError () returned 0x0 [0304.824] GetAsyncKeyState (vKey=130) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=131) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=132) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=133) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=134) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=135) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=136) returned 0 [0304.825] GetLastError () returned 0x0 [0304.825] GetAsyncKeyState (vKey=137) returned 0 [0304.825] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=138) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=139) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=140) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=141) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=142) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=143) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=144) returned 0 [0304.826] GetLastError () returned 0x0 [0304.826] GetAsyncKeyState (vKey=145) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=146) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=147) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=148) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=149) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=150) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=151) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=152) returned 0 [0304.827] GetLastError () returned 0x0 [0304.827] GetAsyncKeyState (vKey=153) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=154) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=155) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=156) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=157) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=158) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=159) returned 0 [0304.828] GetLastError () returned 0x0 [0304.828] GetAsyncKeyState (vKey=160) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=161) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=162) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=163) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=164) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=165) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=166) returned 0 [0304.829] GetLastError () returned 0x0 [0304.829] GetAsyncKeyState (vKey=167) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=168) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=169) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=170) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=171) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=172) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=173) returned 0 [0304.830] GetLastError () returned 0x0 [0304.830] GetAsyncKeyState (vKey=174) returned 0 [0304.830] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=175) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=176) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=177) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=178) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=179) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=180) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=181) returned 0 [0304.831] GetLastError () returned 0x0 [0304.831] GetAsyncKeyState (vKey=182) returned 0 [0304.832] GetLastError () returned 0x0 [0304.832] GetAsyncKeyState (vKey=183) returned 0 [0304.832] GetLastError () returned 0x0 [0304.832] GetAsyncKeyState (vKey=184) returned 0 [0304.832] GetLastError () returned 0x0 [0304.832] GetAsyncKeyState (vKey=185) returned 0 [0304.835] GetLastError () returned 0x0 [0304.835] GetAsyncKeyState (vKey=186) returned 0 [0304.835] GetLastError () returned 0x0 [0304.835] GetAsyncKeyState (vKey=187) returned 0 [0304.835] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=188) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=189) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=190) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=191) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=192) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=193) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=194) returned 0 [0304.836] GetLastError () returned 0x0 [0304.836] GetAsyncKeyState (vKey=195) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=196) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=197) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=198) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=199) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=200) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=201) returned 0 [0304.837] GetLastError () returned 0x0 [0304.837] GetAsyncKeyState (vKey=202) returned 0 [0304.837] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=203) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=204) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=205) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=206) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=207) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=208) returned 0 [0304.838] GetLastError () returned 0x0 [0304.838] GetAsyncKeyState (vKey=209) returned 0 [0304.838] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=210) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=211) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=212) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=213) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=214) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=215) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=216) returned 0 [0304.839] GetLastError () returned 0x0 [0304.839] GetAsyncKeyState (vKey=217) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=218) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=219) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=220) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=221) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=222) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=223) returned 0 [0304.840] GetLastError () returned 0x0 [0304.840] GetAsyncKeyState (vKey=224) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=225) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=226) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=227) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=228) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=229) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=230) returned 0 [0304.841] GetLastError () returned 0x0 [0304.841] GetAsyncKeyState (vKey=231) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=232) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=233) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=234) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=235) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=236) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=237) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=238) returned 0 [0304.842] GetLastError () returned 0x0 [0304.842] GetAsyncKeyState (vKey=239) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=240) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=241) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=242) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=243) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=244) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=245) returned 0 [0304.843] GetLastError () returned 0x0 [0304.843] GetAsyncKeyState (vKey=246) returned 0 [0304.843] GetLastError () returned 0x0 [0304.844] GetAsyncKeyState (vKey=247) returned 0 [0304.844] GetLastError () returned 0x0 [0304.844] GetAsyncKeyState (vKey=248) returned 0 [0304.844] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.716] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.717] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.718] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.719] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.720] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.721] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.722] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.723] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.724] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.725] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.726] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.727] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.728] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.729] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.730] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0308.731] GetLastError () returned 0x0 [0322.503] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\7657c14284185fbd3fb108b43c7467ba", ulOptions=0x0, samDesired=0x2001f, phkResult=0x528f13c | out: phkResult=0x528f13c*=0x4f8) returned 0x0 [0322.504] RegQueryValueExW (in: hKey=0x4f8, lpValueName="[kl]", lpReserved=0x0, lpType=0x528f194, lpData=0x0, lpcbData=0x528f190*=0x0 | out: lpType=0x528f194*=0x1, lpData=0x0, lpcbData=0x528f190*=0x2) returned 0x0 [0322.504] RegSetValueExW (in: hKey=0x4f8, lpValueName="[kl]", Reserved=0x0, dwType=0x1, lpData="", cbData=0x2 | out: lpData="") returned 0x0 [0322.509] GetAsyncKeyState (vKey=0) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=1) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=2) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=3) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=4) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=5) returned 0 [0322.509] GetLastError () returned 0x0 [0322.509] GetKeyState (nVirtKey=16) returned 0 [0322.509] GetKeyState (nVirtKey=17) returned 0 [0322.509] GetKeyState (nVirtKey=18) returned 0 [0322.509] GetAsyncKeyState (vKey=6) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=7) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=8) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=9) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=10) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=11) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=12) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.510] GetAsyncKeyState (vKey=13) returned 0 [0322.510] GetLastError () returned 0x0 [0322.510] GetKeyState (nVirtKey=16) returned 0 [0322.510] GetKeyState (nVirtKey=17) returned 0 [0322.510] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=14) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=15) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=16) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=17) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=18) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=19) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=20) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.511] GetKeyState (nVirtKey=18) returned 0 [0322.511] GetAsyncKeyState (vKey=21) returned 0 [0322.511] GetLastError () returned 0x0 [0322.511] GetKeyState (nVirtKey=16) returned 0 [0322.511] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=22) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=23) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=24) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=25) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=26) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=27) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=28) returned 0 [0322.512] GetLastError () returned 0x0 [0322.512] GetKeyState (nVirtKey=16) returned 0 [0322.512] GetKeyState (nVirtKey=17) returned 0 [0322.512] GetKeyState (nVirtKey=18) returned 0 [0322.512] GetAsyncKeyState (vKey=29) returned 0 [0322.512] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=30) returned 0 [0322.513] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=31) returned 0 [0322.513] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=32) returned 0 [0322.513] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=33) returned 0 [0322.513] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=34) returned 0 [0322.513] GetLastError () returned 0x0 [0322.513] GetKeyState (nVirtKey=16) returned 0 [0322.513] GetKeyState (nVirtKey=17) returned 0 [0322.513] GetKeyState (nVirtKey=18) returned 0 [0322.513] GetAsyncKeyState (vKey=35) returned 0 [0322.513] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=36) returned 0 [0322.514] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=37) returned 0 [0322.514] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=38) returned 0 [0322.514] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=39) returned 0 [0322.514] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=40) returned 0 [0322.514] GetLastError () returned 0x0 [0322.514] GetKeyState (nVirtKey=16) returned 0 [0322.514] GetKeyState (nVirtKey=17) returned 0 [0322.514] GetKeyState (nVirtKey=18) returned 0 [0322.514] GetAsyncKeyState (vKey=41) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=42) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=43) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=44) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=45) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=46) returned 0 [0322.515] GetLastError () returned 0x0 [0322.515] GetKeyState (nVirtKey=16) returned 0 [0322.515] GetKeyState (nVirtKey=17) returned 0 [0322.515] GetKeyState (nVirtKey=18) returned 0 [0322.515] GetAsyncKeyState (vKey=47) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=48) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=49) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=50) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=51) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=52) returned 0 [0322.516] GetLastError () returned 0x0 [0322.516] GetKeyState (nVirtKey=16) returned 0 [0322.516] GetKeyState (nVirtKey=17) returned 0 [0322.516] GetKeyState (nVirtKey=18) returned 0 [0322.516] GetAsyncKeyState (vKey=53) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.517] GetAsyncKeyState (vKey=54) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.517] GetAsyncKeyState (vKey=55) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.517] GetAsyncKeyState (vKey=56) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.517] GetAsyncKeyState (vKey=57) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.517] GetAsyncKeyState (vKey=58) returned 0 [0322.517] GetLastError () returned 0x0 [0322.517] GetKeyState (nVirtKey=16) returned 0 [0322.517] GetKeyState (nVirtKey=17) returned 0 [0322.517] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=59) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=60) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=61) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=62) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=63) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.518] GetAsyncKeyState (vKey=64) returned 0 [0322.518] GetLastError () returned 0x0 [0322.518] GetKeyState (nVirtKey=16) returned 0 [0322.518] GetKeyState (nVirtKey=17) returned 0 [0322.518] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=65) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=66) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=67) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=68) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=69) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.519] GetAsyncKeyState (vKey=70) returned 0 [0322.519] GetLastError () returned 0x0 [0322.519] GetKeyState (nVirtKey=16) returned 0 [0322.519] GetKeyState (nVirtKey=17) returned 0 [0322.519] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=71) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=72) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=73) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=74) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=75) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.520] GetAsyncKeyState (vKey=76) returned 0 [0322.520] GetLastError () returned 0x0 [0322.520] GetKeyState (nVirtKey=16) returned 0 [0322.520] GetKeyState (nVirtKey=17) returned 0 [0322.520] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=77) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=78) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=79) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=80) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=81) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.521] GetAsyncKeyState (vKey=82) returned 0 [0322.521] GetLastError () returned 0x0 [0322.521] GetKeyState (nVirtKey=16) returned 0 [0322.521] GetKeyState (nVirtKey=17) returned 0 [0322.521] GetKeyState (nVirtKey=18) returned 0 [0322.522] GetAsyncKeyState (vKey=83) returned 0 [0322.522] GetLastError () returned 0x0 [0322.544] GetAsyncKeyState (vKey=0) returned 0 [0322.544] GetLastError () returned 0x0 [0322.555] GetAsyncKeyState (vKey=0) returned 0 [0322.555] GetLastError () returned 0x0 [0322.572] GetAsyncKeyState (vKey=0) returned 0 [0322.572] GetLastError () returned 0x0 [0322.587] GetAsyncKeyState (vKey=0) returned 0 [0322.587] GetLastError () returned 0x0 [0322.610] GetAsyncKeyState (vKey=0) returned 0 [0322.610] GetLastError () returned 0x0 [0322.618] GetAsyncKeyState (vKey=0) returned 0 [0322.618] GetLastError () returned 0x0 [0322.637] GetAsyncKeyState (vKey=0) returned 0 [0322.638] GetLastError () returned 0x0 [0322.649] GetAsyncKeyState (vKey=0) returned 0 [0322.649] GetLastError () returned 0x0 [0322.665] GetAsyncKeyState (vKey=0) returned 0 [0322.665] GetLastError () returned 0x0 [0322.680] GetAsyncKeyState (vKey=0) returned 0 [0322.680] GetLastError () returned 0x0 [0322.712] GetAsyncKeyState (vKey=0) returned 0 [0322.712] GetLastError () returned 0x0 [0322.728] GetAsyncKeyState (vKey=0) returned 0 [0322.728] GetLastError () returned 0x0 [0322.743] GetAsyncKeyState (vKey=0) returned 0 [0322.743] GetLastError () returned 0x0 [0322.758] GetAsyncKeyState (vKey=0) returned 0 [0322.758] GetLastError () returned 0x0 [0322.774] GetAsyncKeyState (vKey=0) returned 0 [0322.774] GetLastError () returned 0x0 [0322.790] GetAsyncKeyState (vKey=0) returned 0 [0322.790] GetLastError () returned 0x0 [0322.805] GetAsyncKeyState (vKey=0) returned 0 [0322.805] GetLastError () returned 0x0 [0322.823] GetAsyncKeyState (vKey=0) returned 0 [0322.823] GetLastError () returned 0x0 [0322.837] GetAsyncKeyState (vKey=0) returned 0 [0322.837] GetLastError () returned 0x0 [0322.852] GetAsyncKeyState (vKey=0) returned 0 [0322.852] GetLastError () returned 0x0 [0322.875] GetAsyncKeyState (vKey=0) returned 0 [0322.875] GetLastError () returned 0x0 [0322.890] GetAsyncKeyState (vKey=0) returned 0 [0322.890] GetLastError () returned 0x0 [0322.899] GetAsyncKeyState (vKey=0) returned 0 [0322.899] GetLastError () returned 0x0 [0322.920] GetAsyncKeyState (vKey=0) returned 0 [0322.920] GetLastError () returned 0x0 [0322.946] GetAsyncKeyState (vKey=0) returned 0 [0322.946] GetLastError () returned 0x0 [0322.963] GetAsyncKeyState (vKey=0) returned 0 [0322.963] GetLastError () returned 0x0 [0322.983] GetAsyncKeyState (vKey=0) returned 0 [0322.983] GetLastError () returned 0x0 [0322.993] GetAsyncKeyState (vKey=0) returned 0 [0322.993] GetLastError () returned 0x0 [0323.008] GetAsyncKeyState (vKey=0) returned 0 [0323.008] GetLastError () returned 0x0 [0323.024] GetAsyncKeyState (vKey=0) returned 0 [0323.024] GetLastError () returned 0x0 [0323.041] GetAsyncKeyState (vKey=0) returned 0 [0323.041] GetLastError () returned 0x0 [0323.055] GetAsyncKeyState (vKey=0) returned 0 [0323.055] GetLastError () returned 0x0 Thread: id = 48 os_tid = 0x334 Thread: id = 49 os_tid = 0x32c Thread: id = 50 os_tid = 0x404 Process: id = "6" image_name = "server.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe" page_root = "0xb763000" os_pid = "0xb7c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0xb40" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" .." cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f23a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1421 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1422 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1423 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1424 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1425 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1426 start_va = 0x470000 end_va = 0x47bfff monitored = 1 entry_point = 0x47747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1427 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1428 start_va = 0x77980000 end_va = 0x77afafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1429 start_va = 0x7ec70000 end_va = 0x7ec92fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ec70000" filename = "" Region: id = 1430 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1431 start_va = 0x7fff0000 end_va = 0x7ffa34c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1432 start_va = 0x7ffa34c50000 end_va = 0x7ffa34e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1433 start_va = 0x7ffa34e11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa34e11000" filename = "" Region: id = 1436 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1437 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1438 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1439 start_va = 0x400000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1440 start_va = 0x5b630000 end_va = 0x5b67ffff monitored = 0 entry_point = 0x5b648180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1441 start_va = 0x5b680000 end_va = 0x5b6f9fff monitored = 0 entry_point = 0x5b693290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1442 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1443 start_va = 0x5b620000 end_va = 0x5b627fff monitored = 0 entry_point = 0x5b6217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1444 start_va = 0x490000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1445 start_va = 0x74640000 end_va = 0x74698fff monitored = 1 entry_point = 0x74650780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1446 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1447 start_va = 0x75250000 end_va = 0x753cdfff monitored = 0 entry_point = 0x75301b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1448 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1449 start_va = 0x7eb70000 end_va = 0x7ec6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007eb70000" filename = "" Region: id = 1450 start_va = 0x480000 end_va = 0x53dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1451 start_va = 0x6e0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1454 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1455 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1456 start_va = 0x75c90000 end_va = 0x75d0afff monitored = 0 entry_point = 0x75cae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1457 start_va = 0x777c0000 end_va = 0x7787dfff monitored = 0 entry_point = 0x777f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1458 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1459 start_va = 0x6e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 1460 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1461 start_va = 0x751b0000 end_va = 0x751f3fff monitored = 0 entry_point = 0x751c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1462 start_va = 0x75850000 end_va = 0x758fcfff monitored = 0 entry_point = 0x75864f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1463 start_va = 0x746b0000 end_va = 0x746cdfff monitored = 0 entry_point = 0x746bb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1464 start_va = 0x746a0000 end_va = 0x746a9fff monitored = 0 entry_point = 0x746a2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1465 start_va = 0x759b0000 end_va = 0x75a07fff monitored = 0 entry_point = 0x759f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1466 start_va = 0x820000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1467 start_va = 0x74330000 end_va = 0x743acfff monitored = 1 entry_point = 0x74340db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1468 start_va = 0x75200000 end_va = 0x75244fff monitored = 0 entry_point = 0x7521de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1469 start_va = 0x75550000 end_va = 0x7570cfff monitored = 0 entry_point = 0x75632a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1470 start_va = 0x75060000 end_va = 0x751aefff monitored = 0 entry_point = 0x75116820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1471 start_va = 0x75ac0000 end_va = 0x75c06fff monitored = 0 entry_point = 0x75ad1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1472 start_va = 0x550000 end_va = 0x579fff monitored = 0 entry_point = 0x555680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1473 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 1474 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1475 start_va = 0x75d10000 end_va = 0x75d3afff monitored = 0 entry_point = 0x75d15680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1476 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1477 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1478 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1479 start_va = 0xa20000 end_va = 0xba0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 1480 start_va = 0xbb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bb0000" filename = "" Region: id = 1481 start_va = 0x550000 end_va = 0x555fff monitored = 1 entry_point = 0x55747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1482 start_va = 0x75a10000 end_va = 0x75a1bfff monitored = 0 entry_point = 0x75a13930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1483 start_va = 0x74320000 end_va = 0x74327fff monitored = 0 entry_point = 0x743217b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1484 start_va = 0x1fb0000 end_va = 0x255ffff monitored = 1 entry_point = 0x1ffa848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 1485 start_va = 0x1fb0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 1486 start_va = 0x73d70000 end_va = 0x7431ffff monitored = 1 entry_point = 0x73dba848 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 1487 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1488 start_va = 0x73b80000 end_va = 0x73c1afff monitored = 0 entry_point = 0x73b8232b region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9193_none_d09188224426efcd\\msvcr80.dll") Region: id = 1489 start_va = 0x550000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1491 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1492 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1493 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1494 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1495 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1496 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1497 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1498 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1499 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1500 start_va = 0x9b0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 1501 start_va = 0x20b0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 1503 start_va = 0x75e30000 end_va = 0x7722efff monitored = 0 entry_point = 0x75feb990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1504 start_va = 0x75970000 end_va = 0x759a6fff monitored = 0 entry_point = 0x75973b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1505 start_va = 0x748f0000 end_va = 0x74de8fff monitored = 0 entry_point = 0x74af7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1506 start_va = 0x74fd0000 end_va = 0x7505cfff monitored = 0 entry_point = 0x75019b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1507 start_va = 0x75710000 end_va = 0x75753fff monitored = 0 entry_point = 0x75717410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1508 start_va = 0x75900000 end_va = 0x7590efff monitored = 0 entry_point = 0x75902e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1509 start_va = 0x7e0000 end_va = 0x7e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 1510 start_va = 0x21b0000 end_va = 0x24e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1511 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1512 start_va = 0x24f0000 end_va = 0x44effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 1513 start_va = 0x1fb0000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 1514 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 1515 start_va = 0x2050000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1516 start_va = 0x44f0000 end_va = 0x45effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044f0000" filename = "" Region: id = 1519 start_va = 0x73080000 end_va = 0x73b79fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\c4a3e0e914e73a68c0072e3064b48767\\mscorlib.ni.dll") Region: id = 1520 start_va = 0x75d40000 end_va = 0x75e2afff monitored = 0 entry_point = 0x75d7d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1521 start_va = 0x45f0000 end_va = 0x4680fff monitored = 0 entry_point = 0x4628cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1522 start_va = 0x743b0000 end_va = 0x74424fff monitored = 0 entry_point = 0x743e9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1523 start_va = 0x45f0000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 1524 start_va = 0x7f0000 end_va = 0x7f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 1526 start_va = 0x800000 end_va = 0x805fff monitored = 1 entry_point = 0x80747e region_type = mapped_file name = "server.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\server.exe") Region: id = 1527 start_va = 0x72ea0000 end_va = 0x72efafff monitored = 1 entry_point = 0x72ee9010 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 1528 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1529 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1530 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 1531 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1532 start_va = 0x46f0000 end_va = 0x4795fff monitored = 0 entry_point = 0x477e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1533 start_va = 0x45f0000 end_va = 0x4695fff monitored = 0 entry_point = 0x467e14e region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\8.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.visualbasic\\8.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1534 start_va = 0x46e0000 end_va = 0x46effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046e0000" filename = "" Region: id = 1535 start_va = 0x46a0000 end_va = 0x46dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1536 start_va = 0x4c70000 end_va = 0x513dfff monitored = 0 entry_point = 0x50ec76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1537 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1538 start_va = 0x47a0000 end_va = 0x4c6dfff monitored = 0 entry_point = 0x4c1c76e region_type = mapped_file name = "system.windows.forms.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.windows.forms\\2.0.0.0__b77a5c561934e089\\system.windows.forms.dll") Region: id = 1539 start_va = 0x72420000 end_va = 0x72bc2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\2dcc35955cda7c1279cec70d8a3ac1c1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\2dcc35955cda7c1279cec70d8a3ac1c1\\system.ni.dll") Region: id = 1540 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 1541 start_va = 0x5140000 end_va = 0x5144fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 1542 start_va = 0x5150000 end_va = 0x5190fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 1543 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 1545 start_va = 0x51a0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 1546 start_va = 0x51e0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 1547 start_va = 0x52e0000 end_va = 0x531ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 1548 start_va = 0x5320000 end_va = 0x541ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 1549 start_va = 0x5420000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 1550 start_va = 0x5460000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 1551 start_va = 0x5560000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005560000" filename = "" Region: id = 1552 start_va = 0x55a0000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Thread: id = 30 os_tid = 0xb80 [0212.281] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x5efc38, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfb8, lpName="Global\\Cor_Private_IPCBlock_2940") returned 0x10c [0212.282] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x5efdb8, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x134, lpName="Global\\Cor_Public_IPCBlock_2940") returned 0x114 [0212.771] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0212.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0212.970] GetLastError () returned 0x2 [0212.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0212.978] GetLastError () returned 0x2 [0212.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0212.981] GetLastError () returned 0x2 [0212.987] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0212.987] GetLastError () returned 0x2 [0212.987] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0212.987] GetLastError () returned 0x2 [0212.994] GetVersionExW (in: lpVersionInformation=0x6179b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6179b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0212.994] GetLastError () returned 0x2 [0212.995] GetVersionExW (in: lpVersionInformation=0x6179b0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6179b0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0212.995] GetLastError () returned 0x2 [0212.995] CreateFileMappingW (hFile=0x240, lpFileMappingAttributes=0x18e878, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x244 [0213.040] CreateFileMappingW (hFile=0x244, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x240 [0213.149] CreateFileMappingW (hFile=0x250, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x254 [0213.358] CreateFileMappingW (hFile=0x258, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x25c [0213.731] CreateFileMappingW (hFile=0x260, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x264 [0213.743] CreateFileMappingW (hFile=0x268, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x26c [0213.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0213.758] GetLastError () returned 0x0 [0213.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", nBufferLength=0x105, lpBuffer=0x18e1f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe", lpFilePart=0x0) returned 0x33 [0213.758] GetLastError () returned 0x0 [0213.970] lstrlenW (lpString="䅁") returned 1 [0213.972] GetVersionExW (in: lpVersionInformation=0x618038*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x618038*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0213.972] GetLastError () returned 0x0 [0214.148] RegQueryValueExW (in: hKey=0x80000001, lpValueName="di", lpReserved=0x0, lpType=0x18ede8, lpData=0x0, lpcbData=0x18ede4*=0x0 | out: lpType=0x18ede8*=0x1, lpData=0x0, lpcbData=0x18ede4*=0x4) returned 0x0 [0214.150] RegSetValueExW (in: hKey=0x80000001, lpValueName="di", Reserved=0x0, dwType=0x1, lpData="!", cbData=0x4 | out: lpData="!") returned 0x0 [0219.170] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="7657c14284185fbd3fb108b43c7467ba") returned 0x270 [0219.170] GetLastError () returned 0xb7 [0219.421] CoGetContextToken (in: pToken=0x18eca8 | out: pToken=0x18eca8) returned 0x0 [0219.421] CObjectContext::QueryInterface () returned 0x0 [0219.421] CObjectContext::GetCurrentThreadType () returned 0x0 [0219.421] Release () returned 0x0 [0219.426] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x5e26e0*=0x120, lpdwindex=0x18eb14 | out: lpdwindex=0x18eb14) returned 0x0 Thread: id = 31 os_tid = 0xb84 Thread: id = 32 os_tid = 0xb94 Thread: id = 33 os_tid = 0xb98 [0212.873] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0219.483] CloseHandle (hObject=0x270) returned 1 [0219.483] GetLastError () returned 0x0 [0219.484] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 34 os_tid = 0x60c Thread: id = 35 os_tid = 0x5e4 Thread: id = 36 os_tid = 0x604 Thread: id = 37 os_tid = 0x608 Process: id = "7" image_name = "netsh.exe" filename = "c:\\windows\\syswow64\\netsh.exe" page_root = "0x1d58000" os_pid = "0x804" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xb38" cmd_line = "netsh firewall add allowedprogram \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe\" \"server.exe\" ENABLE" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f23a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1554 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1555 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1556 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1557 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1558 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1559 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1560 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1561 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1562 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1563 start_va = 0xcd0000 end_va = 0xcedfff monitored = 1 entry_point = 0xcd9980 region_type = mapped_file name = "netsh.exe" filename = "\\Windows\\SysWOW64\\netsh.exe" (normalized: "c:\\windows\\syswow64\\netsh.exe") Region: id = 1564 start_va = 0xcf0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 1565 start_va = 0x77980000 end_va = 0x77afafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1566 start_va = 0x7f060000 end_va = 0x7f082fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f060000" filename = "" Region: id = 1567 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1568 start_va = 0x7fff0000 end_va = 0x7dfa34c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1569 start_va = 0x7dfa34c50000 end_va = 0x7ffa34c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa34c50000" filename = "" Region: id = 1570 start_va = 0x7ffa34c50000 end_va = 0x7ffa34e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1571 start_va = 0x7ffa34e11000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa34e11000" filename = "" Region: id = 1572 start_va = 0x400000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1573 start_va = 0x5b630000 end_va = 0x5b67ffff monitored = 0 entry_point = 0x5b648180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1574 start_va = 0x5b680000 end_va = 0x5b6f9fff monitored = 0 entry_point = 0x5b693290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1575 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1576 start_va = 0x5b620000 end_va = 0x5b627fff monitored = 0 entry_point = 0x5b6217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1577 start_va = 0x600000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1578 start_va = 0x74e00000 end_va = 0x74edffff monitored = 0 entry_point = 0x74e13980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1579 start_va = 0x75250000 end_va = 0x753cdfff monitored = 0 entry_point = 0x75301b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1580 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1581 start_va = 0x7ef60000 end_va = 0x7f05ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ef60000" filename = "" Region: id = 1660 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1661 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1662 start_va = 0x777c0000 end_va = 0x7787dfff monitored = 0 entry_point = 0x777f5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1663 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1664 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1665 start_va = 0x680000 end_va = 0x683fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1666 start_va = 0x770000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1667 start_va = 0x75760000 end_va = 0x757f1fff monitored = 0 entry_point = 0x75798cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1668 start_va = 0x75550000 end_va = 0x7570cfff monitored = 0 entry_point = 0x75632a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1669 start_va = 0x75850000 end_va = 0x758fcfff monitored = 0 entry_point = 0x75864f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1670 start_va = 0x746b0000 end_va = 0x746cdfff monitored = 0 entry_point = 0x746bb640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1671 start_va = 0x746a0000 end_va = 0x746a9fff monitored = 0 entry_point = 0x746a2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1672 start_va = 0x759b0000 end_va = 0x75a07fff monitored = 0 entry_point = 0x759f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1673 start_va = 0x751b0000 end_va = 0x751f3fff monitored = 0 entry_point = 0x751c9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1674 start_va = 0x870000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1675 start_va = 0x870000 end_va = 0x959fff monitored = 0 entry_point = 0x8ad650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1676 start_va = 0x9a0000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1677 start_va = 0x75a10000 end_va = 0x75a1bfff monitored = 0 entry_point = 0x75a13930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1678 start_va = 0x74630000 end_va = 0x7463afff monitored = 0 entry_point = 0x74634150 region_type = mapped_file name = "ifmon.dll" filename = "\\Windows\\SysWOW64\\ifmon.dll" (normalized: "c:\\windows\\syswow64\\ifmon.dll") Region: id = 1679 start_va = 0x746d0000 end_va = 0x7472efff monitored = 0 entry_point = 0x746d4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1680 start_va = 0x75970000 end_va = 0x759a6fff monitored = 0 entry_point = 0x75973b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1681 start_va = 0x74600000 end_va = 0x7462efff monitored = 0 entry_point = 0x7460bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1682 start_va = 0x745b0000 end_va = 0x745fffff monitored = 0 entry_point = 0x745f13b0 region_type = mapped_file name = "rasmontr.dll" filename = "\\Windows\\SysWOW64\\rasmontr.dll" (normalized: "c:\\windows\\syswow64\\rasmontr.dll") Region: id = 1683 start_va = 0x75c90000 end_va = 0x75d0afff monitored = 0 entry_point = 0x75cae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1684 start_va = 0x75ac0000 end_va = 0x75c06fff monitored = 0 entry_point = 0x75ad1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1685 start_va = 0x75060000 end_va = 0x751aefff monitored = 0 entry_point = 0x75116820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1686 start_va = 0x74530000 end_va = 0x745a5fff monitored = 0 entry_point = 0x745936a0 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\SysWOW64\\mprapi.dll" (normalized: "c:\\windows\\syswow64\\mprapi.dll") Region: id = 1687 start_va = 0x74480000 end_va = 0x74524fff monitored = 0 entry_point = 0x7449ac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1688 start_va = 0x74430000 end_va = 0x74476fff monitored = 0 entry_point = 0x744458d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1689 start_va = 0x73d40000 end_va = 0x73d62fff monitored = 0 entry_point = 0x73d45570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1690 start_va = 0x72f40000 end_va = 0x73071fff monitored = 1 entry_point = 0x72f7c0e0 region_type = mapped_file name = "mfc42u.dll" filename = "\\Windows\\SysWOW64\\mfc42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll") Region: id = 1691 start_va = 0x75d40000 end_va = 0x75e2afff monitored = 0 entry_point = 0x75d7d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1692 start_va = 0x73d20000 end_va = 0x73d3afff monitored = 0 entry_point = 0x73d29050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1693 start_va = 0x73c80000 end_va = 0x73d18fff monitored = 0 entry_point = 0x73cb8470 region_type = mapped_file name = "odbc32.dll" filename = "\\Windows\\SysWOW64\\odbc32.dll" (normalized: "c:\\windows\\syswow64\\odbc32.dll") Region: id = 1694 start_va = 0x73c70000 end_va = 0x73c77fff monitored = 0 entry_point = 0x73c71d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1695 start_va = 0x690000 end_va = 0x6b9fff monitored = 0 entry_point = 0x695680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1696 start_va = 0x9b0000 end_va = 0xb37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 1697 start_va = 0x75d10000 end_va = 0x75d3afff monitored = 0 entry_point = 0x75d15680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1698 start_va = 0xb40000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 1699 start_va = 0x4cf0000 end_va = 0x60effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cf0000" filename = "" Region: id = 1700 start_va = 0x690000 end_va = 0x694fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netsh.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\netsh.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\netsh.exe.mui") Region: id = 1701 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1702 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1703 start_va = 0x6a0000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 1704 start_va = 0x720000 end_va = 0x727fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mfc42u.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MFC42u.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mfc42u.dll.mui") Region: id = 1705 start_va = 0x72e40000 end_va = 0x72e9bfff monitored = 0 entry_point = 0x72e886c0 region_type = mapped_file name = "authfwcfg.dll" filename = "\\Windows\\SysWOW64\\authfwcfg.dll" (normalized: "c:\\windows\\syswow64\\authfwcfg.dll") Region: id = 1706 start_va = 0x75c30000 end_va = 0x75c8dfff monitored = 0 entry_point = 0x75c47470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 1707 start_va = 0x73c40000 end_va = 0x73c6cfff monitored = 0 entry_point = 0x73c4c010 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\SysWOW64\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\syswow64\\fwpolicyiomgr.dll") Region: id = 1708 start_va = 0x72f10000 end_va = 0x72f3bfff monitored = 0 entry_point = 0x72f25ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 1709 start_va = 0x73c30000 end_va = 0x73c36fff monitored = 0 entry_point = 0x73c32060 region_type = mapped_file name = "dhcpcmonitor.dll" filename = "\\Windows\\SysWOW64\\dhcpcmonitor.dll" (normalized: "c:\\windows\\syswow64\\dhcpcmonitor.dll") Region: id = 1710 start_va = 0x72e20000 end_va = 0x72e33fff monitored = 0 entry_point = 0x72e23c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1711 start_va = 0x747c0000 end_va = 0x747c6fff monitored = 0 entry_point = 0x747c1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1712 start_va = 0x72e00000 end_va = 0x72e12fff monitored = 0 entry_point = 0x72e025d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1713 start_va = 0x72de0000 end_va = 0x72df1fff monitored = 0 entry_point = 0x72dec8d0 region_type = mapped_file name = "dot3cfg.dll" filename = "\\Windows\\SysWOW64\\dot3cfg.dll" (normalized: "c:\\windows\\syswow64\\dot3cfg.dll") Region: id = 1714 start_va = 0x72dc0000 end_va = 0x72dd8fff monitored = 0 entry_point = 0x72dd0530 region_type = mapped_file name = "dot3api.dll" filename = "\\Windows\\SysWOW64\\dot3api.dll" (normalized: "c:\\windows\\syswow64\\dot3api.dll") Region: id = 1715 start_va = 0x72d80000 end_va = 0x72db9fff monitored = 0 entry_point = 0x72da8740 region_type = mapped_file name = "onex.dll" filename = "\\Windows\\SysWOW64\\onex.dll" (normalized: "c:\\windows\\syswow64\\onex.dll") Region: id = 1716 start_va = 0x72d30000 end_va = 0x72d79fff monitored = 0 entry_point = 0x72d3a280 region_type = mapped_file name = "eappcfg.dll" filename = "\\Windows\\SysWOW64\\eappcfg.dll" (normalized: "c:\\windows\\syswow64\\eappcfg.dll") Region: id = 1717 start_va = 0x72d10000 end_va = 0x72d27fff monitored = 0 entry_point = 0x72d14820 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 1718 start_va = 0x72cf0000 end_va = 0x72d00fff monitored = 0 entry_point = 0x72cfa1f0 region_type = mapped_file name = "eappprxy.dll" filename = "\\Windows\\SysWOW64\\eappprxy.dll" (normalized: "c:\\windows\\syswow64\\eappprxy.dll") Region: id = 1719 start_va = 0x730000 end_va = 0x733fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1720 start_va = 0x73c20000 end_va = 0x73c2efff monitored = 0 entry_point = 0x73c292a0 region_type = mapped_file name = "fwcfg.dll" filename = "\\Windows\\SysWOW64\\fwcfg.dll" (normalized: "c:\\windows\\syswow64\\fwcfg.dll") Region: id = 1721 start_va = 0x72f00000 end_va = 0x72f07fff monitored = 0 entry_point = 0x72f028a0 region_type = mapped_file name = "hnetmon.dll" filename = "\\Windows\\SysWOW64\\hnetmon.dll" (normalized: "c:\\windows\\syswow64\\hnetmon.dll") Region: id = 1722 start_va = 0x72180000 end_va = 0x72411fff monitored = 0 entry_point = 0x7218e710 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\SysWOW64\\netshell.dll" (normalized: "c:\\windows\\syswow64\\netshell.dll") Region: id = 1723 start_va = 0x75200000 end_va = 0x75244fff monitored = 0 entry_point = 0x7521de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1724 start_va = 0x75e30000 end_va = 0x7722efff monitored = 0 entry_point = 0x75feb990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1725 start_va = 0x748f0000 end_va = 0x74de8fff monitored = 0 entry_point = 0x74af7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1726 start_va = 0x74fd0000 end_va = 0x7505cfff monitored = 0 entry_point = 0x75019b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1727 start_va = 0x75710000 end_va = 0x75753fff monitored = 0 entry_point = 0x75717410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1728 start_va = 0x75900000 end_va = 0x7590efff monitored = 0 entry_point = 0x75902e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1729 start_va = 0x72cd0000 end_va = 0x72ce3fff monitored = 0 entry_point = 0x72cd5a40 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 1730 start_va = 0x72ca0000 end_va = 0x72ccefff monitored = 0 entry_point = 0x72cc3330 region_type = mapped_file name = "netiohlp.dll" filename = "\\Windows\\SysWOW64\\netiohlp.dll" (normalized: "c:\\windows\\syswow64\\netiohlp.dll") Region: id = 1731 start_va = 0x72c10000 end_va = 0x72c93fff monitored = 0 entry_point = 0x72c36530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1732 start_va = 0x72c00000 end_va = 0x72c07fff monitored = 0 entry_point = 0x72c01fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1733 start_va = 0x72bf0000 end_va = 0x72bfafff monitored = 0 entry_point = 0x72bf6010 region_type = mapped_file name = "nshhttp.dll" filename = "\\Windows\\SysWOW64\\nshhttp.dll" (normalized: "c:\\windows\\syswow64\\nshhttp.dll") Region: id = 1734 start_va = 0x72be0000 end_va = 0x72beafff monitored = 0 entry_point = 0x72be1b60 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\SysWOW64\\httpapi.dll" (normalized: "c:\\windows\\syswow64\\httpapi.dll") Region: id = 1735 start_va = 0x72110000 end_va = 0x72172fff monitored = 0 entry_point = 0x72166c70 region_type = mapped_file name = "nshipsec.dll" filename = "\\Windows\\SysWOW64\\nshipsec.dll" (normalized: "c:\\windows\\syswow64\\nshipsec.dll") Region: id = 1736 start_va = 0x753d0000 end_va = 0x75547fff monitored = 0 entry_point = 0x75428a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1737 start_va = 0x777b0000 end_va = 0x777bdfff monitored = 0 entry_point = 0x777b5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1738 start_va = 0x74f50000 end_va = 0x74fa2fff monitored = 0 entry_point = 0x74f70a10 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1739 start_va = 0x720f0000 end_va = 0x72108fff monitored = 0 entry_point = 0x720f47e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1740 start_va = 0x720b0000 end_va = 0x720eafff monitored = 0 entry_point = 0x720b7e00 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\SysWOW64\\activeds.dll" (normalized: "c:\\windows\\syswow64\\activeds.dll") Region: id = 1741 start_va = 0x72060000 end_va = 0x720aafff monitored = 0 entry_point = 0x7209fa00 region_type = mapped_file name = "polstore.dll" filename = "\\Windows\\SysWOW64\\polstore.dll" (normalized: "c:\\windows\\syswow64\\polstore.dll") Region: id = 1742 start_va = 0x72040000 end_va = 0x72053fff monitored = 0 entry_point = 0x7204e400 region_type = mapped_file name = "winipsec.dll" filename = "\\Windows\\SysWOW64\\winipsec.dll" (normalized: "c:\\windows\\syswow64\\winipsec.dll") Region: id = 1743 start_va = 0x72000000 end_va = 0x72037fff monitored = 0 entry_point = 0x7201d280 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\SysWOW64\\adsldpc.dll" (normalized: "c:\\windows\\syswow64\\adsldpc.dll") Region: id = 1744 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1745 start_va = 0x71f60000 end_va = 0x71ff0fff monitored = 0 entry_point = 0x71fd20a0 region_type = mapped_file name = "nshwfp.dll" filename = "\\Windows\\SysWOW64\\nshwfp.dll" (normalized: "c:\\windows\\syswow64\\nshwfp.dll") Region: id = 1746 start_va = 0x71f30000 end_va = 0x71f50fff monitored = 0 entry_point = 0x71f3bdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 1747 start_va = 0x870000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1748 start_va = 0x71ef0000 end_va = 0x71f20fff monitored = 0 entry_point = 0x71f17170 region_type = mapped_file name = "p2pnetsh.dll" filename = "\\Windows\\SysWOW64\\p2pnetsh.dll" (normalized: "c:\\windows\\syswow64\\p2pnetsh.dll") Region: id = 1749 start_va = 0x71ec0000 end_va = 0x71eeffff monitored = 0 entry_point = 0x71ee4320 region_type = mapped_file name = "p2p.dll" filename = "\\Windows\\SysWOW64\\P2P.dll" (normalized: "c:\\windows\\syswow64\\p2p.dll") Region: id = 1750 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1751 start_va = 0x72bd0000 end_va = 0x72bdafff monitored = 0 entry_point = 0x72bd5490 region_type = mapped_file name = "rpcnsh.dll" filename = "\\Windows\\SysWOW64\\rpcnsh.dll" (normalized: "c:\\windows\\syswow64\\rpcnsh.dll") Region: id = 1752 start_va = 0x71eb0000 end_va = 0x71eb6fff monitored = 0 entry_point = 0x71eb1e10 region_type = mapped_file name = "whhelper.dll" filename = "\\Windows\\SysWOW64\\whhelper.dll" (normalized: "c:\\windows\\syswow64\\whhelper.dll") Region: id = 1753 start_va = 0x71e10000 end_va = 0x71eaafff monitored = 0 entry_point = 0x71e4f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1754 start_va = 0x71dd0000 end_va = 0x71e0cfff monitored = 0 entry_point = 0x71e004f0 region_type = mapped_file name = "wlancfg.dll" filename = "\\Windows\\SysWOW64\\wlancfg.dll" (normalized: "c:\\windows\\syswow64\\wlancfg.dll") Region: id = 1755 start_va = 0x71db0000 end_va = 0x71dc2fff monitored = 0 entry_point = 0x71db9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1756 start_va = 0x71d60000 end_va = 0x71dacfff monitored = 0 entry_point = 0x71d6d930 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\SysWOW64\\wlanapi.dll" (normalized: "c:\\windows\\syswow64\\wlanapi.dll") Region: id = 1757 start_va = 0x71d30000 end_va = 0x71d59fff monitored = 0 entry_point = 0x71d4ee70 region_type = mapped_file name = "wifidisplay.dll" filename = "\\Windows\\SysWOW64\\WiFiDisplay.dll" (normalized: "c:\\windows\\syswow64\\wifidisplay.dll") Region: id = 1758 start_va = 0x71d00000 end_va = 0x71d21fff monitored = 0 entry_point = 0x71d091f0 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1759 start_va = 0x71cf0000 end_va = 0x71cf7fff monitored = 0 entry_point = 0x71cf2d80 region_type = mapped_file name = "wshelper.dll" filename = "\\Windows\\SysWOW64\\wshelper.dll" (normalized: "c:\\windows\\syswow64\\wshelper.dll") Region: id = 1760 start_va = 0x71ca0000 end_va = 0x71ceefff monitored = 0 entry_point = 0x71cad850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1761 start_va = 0x71c50000 end_va = 0x71c9cfff monitored = 0 entry_point = 0x71c66930 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\SysWOW64\\wevtapi.dll" (normalized: "c:\\windows\\syswow64\\wevtapi.dll") Region: id = 1762 start_va = 0x71bf0000 end_va = 0x71c4afff monitored = 0 entry_point = 0x71c3dbe0 region_type = mapped_file name = "peerdistsh.dll" filename = "\\Windows\\SysWOW64\\PeerDistSh.dll" (normalized: "c:\\windows\\syswow64\\peerdistsh.dll") Region: id = 1763 start_va = 0x71be0000 end_va = 0x71be8fff monitored = 0 entry_point = 0x71be1310 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\SysWOW64\\ktmw32.dll" (normalized: "c:\\windows\\syswow64\\ktmw32.dll") Region: id = 1764 start_va = 0x743b0000 end_va = 0x74424fff monitored = 0 entry_point = 0x743e9a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1765 start_va = 0x60f0000 end_va = 0x620ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 1766 start_va = 0x740000 end_va = 0x750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwcfg.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\fwcfg.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\fwcfg.dll.mui") Region: id = 1767 start_va = 0x760000 end_va = 0x769fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "p2pnetsh.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\p2pnetsh.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\p2pnetsh.dll.mui") Region: id = 1768 start_va = 0x71bc0000 end_va = 0x71bdafff monitored = 0 entry_point = 0x71bc5020 region_type = mapped_file name = "wcmapi.dll" filename = "\\Windows\\SysWOW64\\wcmapi.dll" (normalized: "c:\\windows\\syswow64\\wcmapi.dll") Region: id = 1769 start_va = 0x71ba0000 end_va = 0x71bbefff monitored = 0 entry_point = 0x71bac120 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\SysWOW64\\rmclient.dll" (normalized: "c:\\windows\\syswow64\\rmclient.dll") Region: id = 1770 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1771 start_va = 0x60f0000 end_va = 0x61effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060f0000" filename = "" Region: id = 1772 start_va = 0x6200000 end_va = 0x620ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 1773 start_va = 0x71b80000 end_va = 0x71b9efff monitored = 0 entry_point = 0x71b88a90 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 1774 start_va = 0x6210000 end_va = 0x630ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006210000" filename = "" Region: id = 1775 start_va = 0x6310000 end_va = 0x6646fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1776 start_va = 0x870000 end_va = 0x870fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 1777 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1778 start_va = 0x74730000 end_va = 0x747b3fff monitored = 0 entry_point = 0x74756220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1779 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1780 start_va = 0x530000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1781 start_va = 0x530000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1782 start_va = 0x530000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1783 start_va = 0x530000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1784 start_va = 0x530000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1785 start_va = 0x6650000 end_va = 0x674ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006650000" filename = "" Thread: id = 38 os_tid = 0x5e8 [0222.212] GetModuleHandleA (lpModuleName=0x0) returned 0xcd0000 [0222.212] __set_app_type (_Type=0x1) [0222.212] __p__fmode () returned 0x77874d6c [0222.212] __p__commode () returned 0x77875b1c [0222.212] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xcd9bb0) returned 0x0 [0222.213] __wgetmainargs (in: _Argc=0xce33e8, _Argv=0xce33ec, _Env=0xce33f0, _DoWildCard=0, _StartInfo=0xce33fc | out: _Argc=0xce33e8, _Argv=0xce33ec, _Env=0xce33f0) returned 0 [0222.214] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0222.214] GetModuleHandleW (lpModuleName=0x0) returned 0xcd0000 [0222.214] _vsnwprintf (in: _Buffer=0xce4ae0, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x187918 | out: _Buffer="netsh>") returned 6 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x770598 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776ce0 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x777340 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776f78 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776f88 [0222.214] GetProcessHeap () returned 0x770000 [0222.214] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d40 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d50 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d60 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d70 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d80 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776d90 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776da0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776970 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776980 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x776990 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ed0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f40 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ef0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f00 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ec0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778fd0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e70 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ea0 [0222.215] GetProcessHeap () returned 0x770000 [0222.215] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778eb0 [0222.215] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ee0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e90 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e80 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f10 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f20 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f30 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f90 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f80 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778fb0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778fe0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f50 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f60 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778ff0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e60 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778f70 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778fa0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778fc0 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779000 [0222.216] GetProcessHeap () returned 0x770000 [0222.216] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e30 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e40 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x778e50 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779260 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779280 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779270 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792b0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793e0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779390 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792e0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792c0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779290 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792d0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779240 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779360 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793a0 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779330 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779310 [0222.217] GetProcessHeap () returned 0x770000 [0222.217] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779370 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793b0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779350 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779250 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779400 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779340 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779380 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793c0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793d0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7793f0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792f0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7792a0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779300 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779320 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779070 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779180 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790d0 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779050 [0222.218] GetProcessHeap () returned 0x770000 [0222.218] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791d0 [0222.218] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790f0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779040 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790a0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790e0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779100 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779060 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791e0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791f0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779230 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779080 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779220 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779090 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779200 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779190 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790b0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791a0 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779170 [0222.219] GetProcessHeap () returned 0x770000 [0222.219] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7790c0 [0222.219] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791b0 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7791c0 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779210 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779150 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779110 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779160 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779120 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779130 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779140 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779508 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795b8 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794f8 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779608 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779568 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794b8 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779468 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779618 [0222.220] GetProcessHeap () returned 0x770000 [0222.220] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779588 [0222.220] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779638 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779548 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779518 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779498 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794c8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779448 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779478 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779488 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794a8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779628 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779458 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795c8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794d8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7794e8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779528 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779578 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795d8 [0222.221] GetProcessHeap () returned 0x770000 [0222.221] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795a8 [0222.221] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779538 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779598 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779558 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795e8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7795f8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797e8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779708 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797c8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796d8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796e8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796b8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797d8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779718 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796f8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797f8 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779798 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779808 [0222.222] GetProcessHeap () returned 0x770000 [0222.222] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779728 [0222.222] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797a8 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779738 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779748 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779778 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779658 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779688 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796a8 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779788 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779758 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779768 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7797b8 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779668 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7796c8 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779648 [0222.223] GetProcessHeap () returned 0x770000 [0222.223] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779678 [0222.223] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779698 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b40 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779a50 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779c00 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b10 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779bb0 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779aa0 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b70 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779ab0 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779bd0 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779af0 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b90 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779c10 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b60 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779a90 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779a70 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b50 [0222.224] GetProcessHeap () returned 0x770000 [0222.224] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b00 [0222.224] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779ac0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779bc0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b30 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779bf0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b80 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779ba0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779a60 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779be0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779a80 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779ad0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779ae0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779b20 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7798a0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779890 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7798d0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7798e0 [0222.225] GetProcessHeap () returned 0x770000 [0222.225] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7798b0 [0222.225] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7799e0 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779900 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779950 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779910 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779990 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779980 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779920 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7798f0 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7799a0 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x779870 [0222.226] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0222.226] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x14) returned 0x7769a0 [0222.226] memcpy (in: _Dst=0x7769a0, _Src=0x0, _Size=0x0 | out: _Dst=0x7769a0) returned 0x7769a0 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x2) returned 0x779930 [0222.226] GetProcessHeap () returned 0x770000 [0222.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x14) returned 0x7769c0 [0222.226] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0222.227] GetProcessHeap () returned 0x770000 [0222.227] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.227] GetProcessHeap () returned 0x770000 [0222.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x776708 [0222.227] memcpy (in: _Dst=0x776708, _Src=0x0, _Size=0x0 | out: _Dst=0x776708) returned 0x776708 [0222.227] GetProcessHeap () returned 0x770000 [0222.227] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.227] GetProcessHeap () returned 0x770000 [0222.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x7768a8 [0222.227] memcpy (in: _Dst=0x7768a8, _Src=0x776708, _Size=0x48 | out: _Dst=0x7768a8) returned 0x7768a8 [0222.227] GetProcessHeap () returned 0x770000 [0222.227] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776708) returned 1 [0222.227] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x75a10000 [0222.230] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x187910 | out: phkResult=0x187910*=0xcc) returned 0x0 [0222.230] RegQueryInfoKeyW (in: hKey=0xcc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18790c, lpcbMaxValueNameLen=0x187904, lpcbMaxValueLen=0x187908, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x18790c*=0x11, lpcbMaxValueNameLen=0x187904, lpcbMaxValueLen=0x187908, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0222.230] GetProcessHeap () returned 0x770000 [0222.230] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x16) returned 0x776760 [0222.230] GetProcessHeap () returned 0x770000 [0222.230] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x23) returned 0x7728c8 [0222.230] RegEnumValueW (in: hKey=0xcc, dwIndex=0x0, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="2", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.231] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0222.231] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0222.231] GetProcessHeap () returned 0x770000 [0222.231] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x28) returned 0x7728f8 [0222.231] memcpy (in: _Dst=0x7728f8, _Src=0x7769a0, _Size=0x14 | out: _Dst=0x7728f8) returned 0x7728f8 [0222.231] GetProcessHeap () returned 0x770000 [0222.231] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x4) returned 0x779940 [0222.231] GetProcessHeap () returned 0x770000 [0222.231] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x14) returned 0x776dc8 [0222.231] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0222.231] GetProcessHeap () returned 0x770000 [0222.231] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7769a0) returned 1 [0222.231] LoadLibraryExW (lpLibFileName="IFMON.DLL", hFile=0x0, dwFlags=0x0) returned 0x74630000 [0222.243] GetProcAddress (hModule=0x74630000, lpProcName="InitHelperDll") returned 0x74631ab0 [0222.243] InitHelperDll () returned 0x0 [0222.263] RegisterHelper () returned 0x0 [0222.263] GetProcessHeap () returned 0x770000 [0222.263] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x7814f0 [0222.263] memcpy (in: _Dst=0x7814f0, _Src=0x7768a8, _Size=0x90 | out: _Dst=0x7814f0) returned 0x7814f0 [0222.263] GetProcessHeap () returned 0x770000 [0222.264] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7768a8) returned 1 [0222.264] RegEnumValueW (in: hKey=0xcc, dwIndex=0x1, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="4", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.264] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0222.264] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0222.264] GetProcessHeap () returned 0x770000 [0222.264] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3c) returned 0x779c88 [0222.264] memcpy (in: _Dst=0x779c88, _Src=0x7728f8, _Size=0x28 | out: _Dst=0x779c88) returned 0x779c88 [0222.264] GetProcessHeap () returned 0x770000 [0222.264] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x4) returned 0x779a10 [0222.264] GetProcessHeap () returned 0x770000 [0222.264] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x7803d8 [0222.264] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0222.264] GetProcessHeap () returned 0x770000 [0222.264] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7728f8) returned 1 [0222.264] LoadLibraryExW (lpLibFileName="RASMONTR.DLL", hFile=0x0, dwFlags=0x0) returned 0x745b0000 [0222.345] LoadLibraryExA (lpLibFileName="MSVCRT.DLL", hFile=0x0, dwFlags=0x800) returned 0x777c0000 [0222.346] GetVersion () returned 0x295a000a [0222.346] SetErrorMode (uMode=0x0) returned 0x0 [0222.346] SetErrorMode (uMode=0x8001) returned 0x0 [0222.346] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x7851f0 [0222.347] LocalFree (hMem=0x7851f0) returned 0x0 [0222.347] GetVersion () returned 0x295a000a [0222.348] GlobalLock (hMem=0x6a0004) returned 0x7851f0 [0222.349] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x785300 [0222.349] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x781e68 [0222.349] LocalAlloc (uFlags=0x0, uBytes=0x8) returned 0x7799f0 [0222.349] malloc (_Size=0x80) returned 0x9a3b38 [0222.349] __dllonexit () returned 0x72f86fa0 [0222.349] __dllonexit () returned 0x72f86f40 [0222.349] __dllonexit () returned 0x72f86f60 [0222.350] __dllonexit () returned 0x72f86f80 [0222.350] __dllonexit () returned 0x72f61650 [0222.350] __dllonexit () returned 0x72f61640 [0222.350] __dllonexit () returned 0x72f61680 [0222.350] __dllonexit () returned 0x72f616d0 [0222.350] __dllonexit () returned 0x72f617b0 [0222.350] __dllonexit () returned 0x72f617d0 [0222.350] __dllonexit () returned 0x72f61830 [0222.350] __dllonexit () returned 0x72f618f0 [0222.351] __dllonexit () returned 0x72f61700 [0222.351] __dllonexit () returned 0x72f87000 [0222.351] __dllonexit () returned 0x72f61720 [0222.351] __dllonexit () returned 0x72f618a0 [0222.351] __dllonexit () returned 0x72f618c0 [0222.351] __dllonexit () returned 0x72f61910 [0222.351] __dllonexit () returned 0x72f61950 [0222.351] __dllonexit () returned 0x72f61940 [0222.351] __dllonexit () returned 0x72f61970 [0222.351] __dllonexit () returned 0x72f61990 [0222.352] __dllonexit () returned 0x72f619c0 [0222.352] __dllonexit () returned 0x72f61a40 [0222.352] __dllonexit () returned 0x72f61560 [0222.352] __dllonexit () returned 0x72f61570 [0222.352] __dllonexit () returned 0x72f61550 [0222.354] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc14e [0222.354] __dllonexit () returned 0x72f86fe0 [0222.354] __dllonexit () returned 0x72f86fc0 [0222.354] __dllonexit () returned 0x72f86ff0 [0222.354] __dllonexit () returned 0x72f86fd0 [0222.355] GetVersion () returned 0x295a000a [0222.355] GetVersion () returned 0x295a000a [0222.355] GetVersion () returned 0x295a000a [0222.355] __dllonexit () returned 0x72f7a5a0 [0222.355] __dllonexit () returned 0x72f7a5c0 [0222.355] __dllonexit () returned 0x72f61740 [0222.355] __dllonexit () returned 0x72f617f0 [0222.355] __dllonexit () returned 0x72f61800 [0222.355] __dllonexit () returned 0x72f7a3b0 [0222.355] GetVersion () returned 0x295a000a [0222.355] GetProcessVersion (ProcessId=0x0) returned 0xa0000 [0222.356] GetSystemMetrics (nIndex=11) returned 32 [0222.356] GetSystemMetrics (nIndex=12) returned 32 [0222.356] GetSystemMetrics (nIndex=2) returned 17 [0222.356] GetSystemMetrics (nIndex=3) returned 17 [0222.356] GetDC (hWnd=0x0) returned 0xc0100ae [0222.356] GetDeviceCaps (hdc=0xc0100ae, index=88) returned 96 [0222.356] GetDeviceCaps (hdc=0xc0100ae, index=90) returned 96 [0222.356] ReleaseDC (hWnd=0x0, hDC=0xc0100ae) returned 1 [0222.356] GetSysColor (nIndex=15) returned 0xf0f0f0 [0222.356] GetSysColor (nIndex=16) returned 0xa0a0a0 [0222.356] GetSysColor (nIndex=20) returned 0xffffff [0222.356] GetSysColor (nIndex=18) returned 0x0 [0222.356] GetSysColor (nIndex=6) returned 0x646464 [0222.356] GetSysColorBrush (nIndex=15) returned 0x1100074 [0222.356] GetSysColorBrush (nIndex=6) returned 0x110007c [0222.356] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0222.356] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0222.357] __dllonexit () returned 0x72f61870 [0222.357] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc14f [0222.357] __dllonexit () returned 0x72f7a3a0 [0222.357] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0222.357] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0222.357] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0222.357] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0222.357] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0222.357] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0222.357] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0222.357] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0222.357] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0222.357] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0222.357] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0dd [0222.357] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0e6 [0222.358] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc14f [0222.358] __dllonexit () returned 0x72f87010 [0222.358] __dllonexit () returned 0x72f87030 [0222.358] __dllonexit () returned 0x72f87040 [0222.358] __dllonexit () returned 0x72f87050 [0222.359] __dllonexit () returned 0x72f87060 [0222.359] GetCursorPos (in: lpPoint=0x73048298 | out: lpPoint=0x73048298*(x=687, y=489)) returned 1 [0222.359] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x785480 [0222.359] LocalReAlloc (hMem=0x7799f0, uBytes=0xc, uFlags=0x2) returned 0x7824c0 [0222.359] GetCurrentThread () returned 0xfffffffe [0222.359] GetCurrentThreadId () returned 0x5e8 [0222.359] __dllonexit () returned 0x72f61a50 [0222.360] SetErrorMode (uMode=0x0) returned 0x8001 [0222.360] SetErrorMode (uMode=0x8001) returned 0x0 [0222.360] GetModuleFileNameW (in: hModule=0x72f40000, lpFilename=0x187108, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MFC42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll")) returned 0x1e [0222.360] wcscpy_s (in: _Destination=0x186f00, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0222.360] FindResourceW (hModule=0x72f40000, lpName=0xe01, lpType=0x6) returned 0x720db0 [0222.362] LoadStringW (in: hInstance=0x72f40000, uID=0xe000, lpBuffer=0x186d00, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0222.362] wcscpy_s (in: _Destination=0x18713c, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0222.362] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0222.363] malloc (_Size=0x40) returned 0x9a3ca8 [0222.364] LocalAlloc (uFlags=0x40, uBytes=0x2090) returned 0x785510 [0222.364] GetSystemDirectoryA (in: lpBuffer=0x187354, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0222.364] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0222.364] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0222.364] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0222.364] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0222.365] GetProcAddress (hModule=0x745b0000, lpProcName="InitHelperDll") returned 0x745d45a0 [0222.365] InitHelperDll () returned 0x0 [0222.366] RegisterHelper () returned 0x0 [0222.366] GetProcessHeap () returned 0x770000 [0222.366] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x120) returned 0x7818d8 [0222.366] memcpy (in: _Dst=0x7818d8, _Src=0x7814f0, _Size=0xd8 | out: _Dst=0x7818d8) returned 0x7818d8 [0222.366] GetProcessHeap () returned 0x770000 [0222.367] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7814f0) returned 1 [0222.367] RegisterHelper () returned 0x0 [0222.367] GetProcessHeap () returned 0x770000 [0222.367] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x168) returned 0x781620 [0222.367] memcpy (in: _Dst=0x781620, _Src=0x7818d8, _Size=0x120 | out: _Dst=0x781620) returned 0x781620 [0222.367] GetProcessHeap () returned 0x770000 [0222.368] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7818d8) returned 1 [0222.368] RegisterHelper () returned 0x0 [0222.368] GetProcessHeap () returned 0x770000 [0222.368] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1b0) returned 0x7818d8 [0222.368] memcpy (in: _Dst=0x7818d8, _Src=0x781620, _Size=0x168 | out: _Dst=0x7818d8) returned 0x7818d8 [0222.368] GetProcessHeap () returned 0x770000 [0222.369] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x781620) returned 1 [0222.369] RegisterHelper () returned 0x0 [0222.369] GetProcessHeap () returned 0x770000 [0222.369] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1f8) returned 0x781620 [0222.370] memcpy (in: _Dst=0x781620, _Src=0x7818d8, _Size=0x1b0 | out: _Dst=0x781620) returned 0x781620 [0222.370] GetProcessHeap () returned 0x770000 [0222.370] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7818d8) returned 1 [0222.371] RegisterHelper () returned 0x0 [0222.371] GetProcessHeap () returned 0x770000 [0222.371] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x240) returned 0x787db0 [0222.371] memcpy (in: _Dst=0x787db0, _Src=0x781620, _Size=0x1f8 | out: _Dst=0x787db0) returned 0x787db0 [0222.371] GetProcessHeap () returned 0x770000 [0222.371] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x781620) returned 1 [0222.371] RegEnumValueW (in: hKey=0xcc, dwIndex=0x2, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="authfwcfg", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.371] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0222.371] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0222.371] GetProcessHeap () returned 0x770000 [0222.371] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x50) returned 0x7822b0 [0222.371] memcpy (in: _Dst=0x7822b0, _Src=0x779c88, _Size=0x3c | out: _Dst=0x7822b0) returned 0x7822b0 [0222.371] GetProcessHeap () returned 0x770000 [0222.372] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x14) returned 0x777018 [0222.372] GetProcessHeap () returned 0x770000 [0222.372] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1c) returned 0x780658 [0222.372] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0222.372] GetProcessHeap () returned 0x770000 [0222.372] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779c88) returned 1 [0222.372] LoadLibraryExW (lpLibFileName="AUTHFWCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x72e40000 [0222.390] GetProcAddress (hModule=0x72e40000, lpProcName="InitHelperDll") returned 0x72e43c40 [0222.390] InitHelperDll () returned 0x0 [0222.391] RegisterHelper () returned 0x0 [0222.391] GetProcessHeap () returned 0x770000 [0222.391] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x288) returned 0x788c10 [0222.391] memcpy (in: _Dst=0x788c10, _Src=0x787db0, _Size=0x240 | out: _Dst=0x788c10) returned 0x788c10 [0222.391] GetProcessHeap () returned 0x770000 [0222.392] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787db0) returned 1 [0222.392] RegisterHelper () returned 0x0 [0222.392] GetProcessHeap () returned 0x770000 [0222.392] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x2d0) returned 0x788ea0 [0222.392] memcpy (in: _Dst=0x788ea0, _Src=0x788c10, _Size=0x288 | out: _Dst=0x788ea0) returned 0x788ea0 [0222.392] GetProcessHeap () returned 0x770000 [0222.393] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788c10) returned 1 [0222.393] RegisterHelper () returned 0x0 [0222.393] GetProcessHeap () returned 0x770000 [0222.393] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x318) returned 0x789178 [0222.393] memcpy (in: _Dst=0x789178, _Src=0x788ea0, _Size=0x2d0 | out: _Dst=0x789178) returned 0x789178 [0222.393] GetProcessHeap () returned 0x770000 [0222.393] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788ea0) returned 1 [0222.393] RegisterHelper () returned 0x0 [0222.393] GetProcessHeap () returned 0x770000 [0222.393] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x360) returned 0x788c10 [0222.393] memcpy (in: _Dst=0x788c10, _Src=0x789178, _Size=0x318 | out: _Dst=0x788c10) returned 0x788c10 [0222.393] GetProcessHeap () returned 0x770000 [0222.394] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x789178) returned 1 [0222.394] RegisterHelper () returned 0x0 [0222.394] GetProcessHeap () returned 0x770000 [0222.394] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3a8) returned 0x788f78 [0222.394] memcpy (in: _Dst=0x788f78, _Src=0x788c10, _Size=0x360 | out: _Dst=0x788f78) returned 0x788f78 [0222.394] GetProcessHeap () returned 0x770000 [0222.394] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788c10) returned 1 [0222.394] RegEnumValueW (in: hKey=0xcc, dwIndex=0x3, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="dhcpclient", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.394] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0222.394] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0222.394] GetProcessHeap () returned 0x770000 [0222.394] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x64) returned 0x782448 [0222.394] memcpy (in: _Dst=0x782448, _Src=0x7822b0, _Size=0x50 | out: _Dst=0x782448) returned 0x782448 [0222.395] GetProcessHeap () returned 0x770000 [0222.396] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x788b10 [0222.396] GetProcessHeap () returned 0x770000 [0222.396] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x22) returned 0x780838 [0222.397] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0222.400] GetProcessHeap () returned 0x770000 [0222.401] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7822b0) returned 1 [0222.401] LoadLibraryExW (lpLibFileName="DHCPCMONITOR.DLL", hFile=0x0, dwFlags=0x0) returned 0x73c30000 [0222.415] GetProcAddress (hModule=0x73c30000, lpProcName="InitHelperDll") returned 0x73c31a10 [0222.415] InitHelperDll () returned 0x0 [0222.415] RegisterHelper () returned 0x0 [0222.415] GetProcessHeap () returned 0x770000 [0222.415] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3f0) returned 0x789b30 [0222.415] memcpy (in: _Dst=0x789b30, _Src=0x788f78, _Size=0x3a8 | out: _Dst=0x789b30) returned 0x789b30 [0222.415] GetProcessHeap () returned 0x770000 [0222.415] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788f78) returned 1 [0222.416] RegEnumValueW (in: hKey=0xcc, dwIndex=0x4, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="dot3cfg", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.416] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0222.416] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0222.416] GetProcessHeap () returned 0x770000 [0222.416] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x78) returned 0x77ae90 [0222.416] memcpy (in: _Dst=0x77ae90, _Src=0x782448, _Size=0x64 | out: _Dst=0x77ae90) returned 0x77ae90 [0222.416] GetProcessHeap () returned 0x770000 [0222.416] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x10) returned 0x788100 [0222.416] GetProcessHeap () returned 0x770000 [0222.416] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x18) returned 0x788ab0 [0222.416] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0222.416] GetProcessHeap () returned 0x770000 [0222.416] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x782448) returned 1 [0222.416] LoadLibraryExW (lpLibFileName="DOT3CFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x72de0000 [0222.515] GetProcAddress (hModule=0x72de0000, lpProcName="InitHelperDll") returned 0x72de3aa0 [0222.515] InitHelperDll () returned 0x0 [0222.515] RegisterHelper () returned 0x0 [0222.515] GetProcessHeap () returned 0x770000 [0222.515] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x438) returned 0x788e98 [0222.515] memcpy (in: _Dst=0x788e98, _Src=0x789b30, _Size=0x3f0 | out: _Dst=0x788e98) returned 0x788e98 [0222.515] GetProcessHeap () returned 0x770000 [0222.516] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x789b30) returned 1 [0222.516] RegEnumValueW (in: hKey=0xcc, dwIndex=0x5, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="fwcfg", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.516] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0222.516] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0222.516] GetProcessHeap () returned 0x770000 [0222.516] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8c) returned 0x781b10 [0222.516] memcpy (in: _Dst=0x781b10, _Src=0x77ae90, _Size=0x78 | out: _Dst=0x781b10) returned 0x781b10 [0222.516] GetProcessHeap () returned 0x770000 [0222.516] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x788058 [0222.516] GetProcessHeap () returned 0x770000 [0222.516] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x14) returned 0x788b90 [0222.516] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0222.516] GetProcessHeap () returned 0x770000 [0222.516] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x77ae90) returned 1 [0222.516] LoadLibraryExW (lpLibFileName="FWCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x73c20000 [0222.520] GetProcAddress (hModule=0x73c20000, lpProcName="InitHelperDll") returned 0x73c22290 [0222.520] InitHelperDll () returned 0x0 [0222.520] RegisterHelper () returned 0x0 [0222.520] GetProcessHeap () returned 0x770000 [0222.520] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x480) returned 0x78e740 [0222.520] memcpy (in: _Dst=0x78e740, _Src=0x788e98, _Size=0x438 | out: _Dst=0x78e740) returned 0x78e740 [0222.520] GetProcessHeap () returned 0x770000 [0222.521] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788e98) returned 1 [0222.522] RegEnumValueW (in: hKey=0xcc, dwIndex=0x6, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="hnetmon", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.522] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0222.522] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0222.522] GetProcessHeap () returned 0x770000 [0222.522] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xa0) returned 0x78a0a8 [0222.522] memcpy (in: _Dst=0x78a0a8, _Src=0x781b10, _Size=0x8c | out: _Dst=0x78a0a8) returned 0x78a0a8 [0222.522] GetProcessHeap () returned 0x770000 [0222.522] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x10) returned 0x788070 [0222.522] GetProcessHeap () returned 0x770000 [0222.522] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x18) returned 0x788850 [0222.522] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0222.522] GetProcessHeap () returned 0x770000 [0222.522] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x781b10) returned 1 [0222.522] LoadLibraryExW (lpLibFileName="HNETMON.DLL", hFile=0x0, dwFlags=0x0) returned 0x72f00000 [0222.586] GetProcAddress (hModule=0x72f00000, lpProcName="InitHelperDll") returned 0x72f024b0 [0222.586] InitHelperDll () returned 0x0 [0222.586] RegisterHelper () returned 0x0 [0222.586] GetProcessHeap () returned 0x770000 [0222.586] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x4c8) returned 0x78ebc8 [0222.586] memcpy (in: _Dst=0x78ebc8, _Src=0x78e740, _Size=0x480 | out: _Dst=0x78ebc8) returned 0x78ebc8 [0222.586] GetProcessHeap () returned 0x770000 [0222.587] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78e740) returned 1 [0222.587] RegEnumValueW (in: hKey=0xcc, dwIndex=0x7, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="netiohlp", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.588] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0222.588] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0222.588] GetProcessHeap () returned 0x770000 [0222.588] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xb4) returned 0x782000 [0222.588] memcpy (in: _Dst=0x782000, _Src=0x78a0a8, _Size=0xa0 | out: _Dst=0x782000) returned 0x782000 [0222.588] GetProcessHeap () returned 0x770000 [0222.588] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x7889b0 [0222.588] GetProcessHeap () returned 0x770000 [0222.588] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x780630 [0222.588] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0222.588] GetProcessHeap () returned 0x770000 [0222.589] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78a0a8) returned 1 [0222.589] LoadLibraryExW (lpLibFileName="NETIOHLP.DLL", hFile=0x0, dwFlags=0x0) returned 0x72ca0000 [0222.604] GetProcAddress (hModule=0x72ca0000, lpProcName="InitHelperDll") returned 0x72cb69d0 [0222.604] InitHelperDll () returned 0x0 [0222.604] RegisterHelper () returned 0x0 [0222.604] GetProcessHeap () returned 0x770000 [0222.605] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x510) returned 0x78f098 [0222.605] memcpy (in: _Dst=0x78f098, _Src=0x78ebc8, _Size=0x4c8 | out: _Dst=0x78f098) returned 0x78f098 [0222.605] GetProcessHeap () returned 0x770000 [0222.605] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78ebc8) returned 1 [0222.605] RegisterHelper () returned 0x0 [0222.605] GetProcessHeap () returned 0x770000 [0222.605] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x558) returned 0x78e740 [0222.605] memcpy (in: _Dst=0x78e740, _Src=0x78f098, _Size=0x510 | out: _Dst=0x78e740) returned 0x78e740 [0222.605] GetProcessHeap () returned 0x770000 [0222.606] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f098) returned 1 [0222.606] RegisterHelper () returned 0x0 [0222.606] GetProcessHeap () returned 0x770000 [0222.606] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x5a0) returned 0x78eca0 [0222.606] memcpy (in: _Dst=0x78eca0, _Src=0x78e740, _Size=0x558 | out: _Dst=0x78eca0) returned 0x78eca0 [0222.606] GetProcessHeap () returned 0x770000 [0222.606] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78e740) returned 1 [0222.606] RegisterHelper () returned 0x0 [0222.607] GetProcessHeap () returned 0x770000 [0222.607] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x5e8) returned 0x78f248 [0222.607] memcpy (in: _Dst=0x78f248, _Src=0x78eca0, _Size=0x5a0 | out: _Dst=0x78f248) returned 0x78f248 [0222.607] GetProcessHeap () returned 0x770000 [0222.607] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78eca0) returned 1 [0222.607] RegisterHelper () returned 0x0 [0222.607] GetProcessHeap () returned 0x770000 [0222.607] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x630) returned 0x78f838 [0222.607] memcpy (in: _Dst=0x78f838, _Src=0x78f248, _Size=0x5e8 | out: _Dst=0x78f838) returned 0x78f838 [0222.607] GetProcessHeap () returned 0x770000 [0222.608] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f248) returned 1 [0222.608] RegisterHelper () returned 0x0 [0222.608] GetProcessHeap () returned 0x770000 [0222.608] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x678) returned 0x78e740 [0222.608] memcpy (in: _Dst=0x78e740, _Src=0x78f838, _Size=0x630 | out: _Dst=0x78e740) returned 0x78e740 [0222.608] GetProcessHeap () returned 0x770000 [0222.608] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f838) returned 1 [0222.608] RegisterHelper () returned 0x0 [0222.608] GetProcessHeap () returned 0x770000 [0222.608] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x6c0) returned 0x78edc0 [0222.608] memcpy (in: _Dst=0x78edc0, _Src=0x78e740, _Size=0x678 | out: _Dst=0x78edc0) returned 0x78edc0 [0222.608] GetProcessHeap () returned 0x770000 [0222.609] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78e740) returned 1 [0222.609] RegisterHelper () returned 0x0 [0222.609] GetProcessHeap () returned 0x770000 [0222.609] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x708) returned 0x78f488 [0222.609] memcpy (in: _Dst=0x78f488, _Src=0x78edc0, _Size=0x6c0 | out: _Dst=0x78f488) returned 0x78f488 [0222.609] GetProcessHeap () returned 0x770000 [0222.609] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78edc0) returned 1 [0222.609] RegisterHelper () returned 0x0 [0222.609] GetProcessHeap () returned 0x770000 [0222.609] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x750) returned 0x78e740 [0222.609] memcpy (in: _Dst=0x78e740, _Src=0x78f488, _Size=0x708 | out: _Dst=0x78e740) returned 0x78e740 [0222.609] GetProcessHeap () returned 0x770000 [0222.610] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f488) returned 1 [0222.610] RegEnumValueW (in: hKey=0xcc, dwIndex=0x8, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="nshhttp", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.610] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0222.610] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0222.610] GetProcessHeap () returned 0x770000 [0222.610] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc8) returned 0x78e648 [0222.610] memcpy (in: _Dst=0x78e648, _Src=0x782000, _Size=0xb4 | out: _Dst=0x78e648) returned 0x78e648 [0222.610] GetProcessHeap () returned 0x770000 [0222.610] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x10) returned 0x788fd0 [0222.610] GetProcessHeap () returned 0x770000 [0222.610] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x18) returned 0x788bd0 [0222.610] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0222.610] GetProcessHeap () returned 0x770000 [0222.611] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x782000) returned 1 [0222.611] LoadLibraryExW (lpLibFileName="NSHHTTP.DLL", hFile=0x0, dwFlags=0x0) returned 0x72bf0000 [0222.619] GetProcAddress (hModule=0x72bf0000, lpProcName="InitHelperDll") returned 0x72bf1b90 [0222.619] InitHelperDll () returned 0x0 [0222.619] RegisterHelper () returned 0x0 [0222.619] GetProcessHeap () returned 0x770000 [0222.619] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x798) returned 0x78fea0 [0222.619] memcpy (in: _Dst=0x78fea0, _Src=0x78e740, _Size=0x750 | out: _Dst=0x78fea0) returned 0x78fea0 [0222.619] GetProcessHeap () returned 0x770000 [0222.620] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78e740) returned 1 [0222.620] RegEnumValueW (in: hKey=0xcc, dwIndex=0x9, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="nshipsec", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.620] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0222.620] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0222.620] GetProcessHeap () returned 0x770000 [0222.620] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xdc) returned 0x7818d8 [0222.620] memcpy (in: _Dst=0x7818d8, _Src=0x78e648, _Size=0xc8 | out: _Dst=0x7818d8) returned 0x7818d8 [0222.620] GetProcessHeap () returned 0x770000 [0222.620] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x788bb0 [0222.620] GetProcessHeap () returned 0x770000 [0222.620] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x780568 [0222.620] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0222.620] GetProcessHeap () returned 0x770000 [0222.620] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78e648) returned 1 [0222.620] LoadLibraryExW (lpLibFileName="NSHIPSEC.DLL", hFile=0x0, dwFlags=0x0) returned 0x72110000 [0222.681] GetProcAddress (hModule=0x72110000, lpProcName="InitHelperDll") returned 0x72113910 [0222.681] InitHelperDll () returned 0x0 [0222.681] RegisterHelper () returned 0x0 [0222.681] GetProcessHeap () returned 0x770000 [0222.681] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x7e0) returned 0x793e58 [0222.681] memcpy (in: _Dst=0x793e58, _Src=0x78fea0, _Size=0x798 | out: _Dst=0x793e58) returned 0x793e58 [0222.681] GetProcessHeap () returned 0x770000 [0222.682] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78fea0) returned 1 [0222.682] RegisterHelper () returned 0x0 [0222.682] GetProcessHeap () returned 0x770000 [0222.682] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x828) returned 0x794640 [0222.682] memcpy (in: _Dst=0x794640, _Src=0x793e58, _Size=0x7e0 | out: _Dst=0x794640) returned 0x794640 [0222.682] GetProcessHeap () returned 0x770000 [0222.683] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x793e58) returned 1 [0222.683] RegisterHelper () returned 0x0 [0222.683] GetProcessHeap () returned 0x770000 [0222.683] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x870) returned 0x794e70 [0222.683] memcpy (in: _Dst=0x794e70, _Src=0x794640, _Size=0x828 | out: _Dst=0x794e70) returned 0x794e70 [0222.683] GetProcessHeap () returned 0x770000 [0222.683] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794640) returned 1 [0222.690] RegEnumValueW (in: hKey=0xcc, dwIndex=0xa, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="nshwfp", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.691] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0222.691] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0222.691] GetProcessHeap () returned 0x770000 [0222.691] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xf0) returned 0x790538 [0222.691] memcpy (in: _Dst=0x790538, _Src=0x7818d8, _Size=0xdc | out: _Dst=0x790538) returned 0x790538 [0222.691] GetProcessHeap () returned 0x770000 [0222.691] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xe) returned 0x790080 [0222.691] GetProcessHeap () returned 0x770000 [0222.691] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x788bf0 [0222.691] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0222.691] GetProcessHeap () returned 0x770000 [0222.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7818d8) returned 1 [0222.692] LoadLibraryExW (lpLibFileName="NSHWFP.DLL", hFile=0x0, dwFlags=0x0) returned 0x71f60000 [0222.702] GetProcAddress (hModule=0x71f60000, lpProcName="InitHelperDll") returned 0x71fb3bb0 [0222.702] InitHelperDll () returned 0x0 [0222.702] RegisterHelper () returned 0x0 [0222.702] GetProcessHeap () returned 0x770000 [0222.702] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8b8) returned 0x796f30 [0222.702] memcpy (in: _Dst=0x796f30, _Src=0x794e70, _Size=0x870 | out: _Dst=0x796f30) returned 0x796f30 [0222.702] GetProcessHeap () returned 0x770000 [0222.703] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794e70) returned 1 [0222.703] RegEnumValueW (in: hKey=0xcc, dwIndex=0xb, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="p2pnetsh", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.703] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0222.703] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0222.703] GetProcessHeap () returned 0x770000 [0222.703] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x104) returned 0x7818d8 [0222.703] memcpy (in: _Dst=0x7818d8, _Src=0x790538, _Size=0xf0 | out: _Dst=0x7818d8) returned 0x7818d8 [0222.703] GetProcessHeap () returned 0x770000 [0222.703] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x788930 [0222.703] GetProcessHeap () returned 0x770000 [0222.703] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x793c98 [0222.703] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0222.703] GetProcessHeap () returned 0x770000 [0222.704] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x790538) returned 1 [0222.704] LoadLibraryExW (lpLibFileName="P2PNETSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x71ef0000 [0222.743] GetProcAddress (hModule=0x71ef0000, lpProcName="InitHelperDll") returned 0x71ef58d0 [0222.743] InitHelperDll () returned 0x0 [0222.743] RegisterHelper () returned 0x0 [0222.743] GetProcessHeap () returned 0x770000 [0222.743] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x900) returned 0x794660 [0222.743] memcpy (in: _Dst=0x794660, _Src=0x796f30, _Size=0x8b8 | out: _Dst=0x794660) returned 0x794660 [0222.743] GetProcessHeap () returned 0x770000 [0222.744] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.744] RegisterHelper () returned 0x0 [0222.744] GetProcessHeap () returned 0x770000 [0222.744] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x948) returned 0x796f30 [0222.744] memcpy (in: _Dst=0x796f30, _Src=0x794660, _Size=0x900 | out: _Dst=0x796f30) returned 0x796f30 [0222.744] GetProcessHeap () returned 0x770000 [0222.745] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.745] RegisterHelper () returned 0x0 [0222.745] GetProcessHeap () returned 0x770000 [0222.745] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x990) returned 0x794660 [0222.745] memcpy (in: _Dst=0x794660, _Src=0x796f30, _Size=0x948 | out: _Dst=0x794660) returned 0x794660 [0222.745] GetProcessHeap () returned 0x770000 [0222.745] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.745] RegisterHelper () returned 0x0 [0222.746] GetProcessHeap () returned 0x770000 [0222.746] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x9d8) returned 0x796f30 [0222.746] memcpy (in: _Dst=0x796f30, _Src=0x794660, _Size=0x990 | out: _Dst=0x796f30) returned 0x796f30 [0222.746] GetProcessHeap () returned 0x770000 [0222.746] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.747] RegisterHelper () returned 0x0 [0222.747] GetProcessHeap () returned 0x770000 [0222.747] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xa20) returned 0x794660 [0222.747] memcpy (in: _Dst=0x794660, _Src=0x796f30, _Size=0x9d8 | out: _Dst=0x794660) returned 0x794660 [0222.747] GetProcessHeap () returned 0x770000 [0222.747] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.747] RegisterHelper () returned 0x0 [0222.747] GetProcessHeap () returned 0x770000 [0222.747] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xa68) returned 0x796f30 [0222.747] memcpy (in: _Dst=0x796f30, _Src=0x794660, _Size=0xa20 | out: _Dst=0x796f30) returned 0x796f30 [0222.747] GetProcessHeap () returned 0x770000 [0222.748] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.748] RegisterHelper () returned 0x0 [0222.748] GetProcessHeap () returned 0x770000 [0222.748] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xab0) returned 0x794660 [0222.748] memcpy (in: _Dst=0x794660, _Src=0x796f30, _Size=0xa68 | out: _Dst=0x794660) returned 0x794660 [0222.748] GetProcessHeap () returned 0x770000 [0222.748] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.748] RegisterHelper () returned 0x0 [0222.748] GetProcessHeap () returned 0x770000 [0222.748] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xaf8) returned 0x796f30 [0222.748] memcpy (in: _Dst=0x796f30, _Src=0x794660, _Size=0xab0 | out: _Dst=0x796f30) returned 0x796f30 [0222.749] GetProcessHeap () returned 0x770000 [0222.749] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.749] RegEnumValueW (in: hKey=0xcc, dwIndex=0xc, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="rpc", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.749] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0222.749] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0222.749] GetProcessHeap () returned 0x770000 [0222.749] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x118) returned 0x797a30 [0222.749] memcpy (in: _Dst=0x797a30, _Src=0x7818d8, _Size=0x104 | out: _Dst=0x797a30) returned 0x797a30 [0222.749] GetProcessHeap () returned 0x770000 [0222.749] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7885a0 [0222.749] GetProcessHeap () returned 0x770000 [0222.749] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x788870 [0222.749] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0222.749] GetProcessHeap () returned 0x770000 [0222.750] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7818d8) returned 1 [0222.750] LoadLibraryExW (lpLibFileName="RPCNSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x72bd0000 [0222.760] GetProcAddress (hModule=0x72bd0000, lpProcName="InitHelperDll") returned 0x72bd2a80 [0222.760] InitHelperDll () returned 0x0 [0222.760] RegisterHelper () returned 0x0 [0222.760] GetProcessHeap () returned 0x770000 [0222.760] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xb40) returned 0x794660 [0222.761] memcpy (in: _Dst=0x794660, _Src=0x796f30, _Size=0xaf8 | out: _Dst=0x794660) returned 0x794660 [0222.761] GetProcessHeap () returned 0x770000 [0222.761] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.761] RegisterHelper () returned 0x0 [0222.761] GetProcessHeap () returned 0x770000 [0222.761] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xb88) returned 0x797b50 [0222.762] memcpy (in: _Dst=0x797b50, _Src=0x794660, _Size=0xb40 | out: _Dst=0x797b50) returned 0x797b50 [0222.762] GetProcessHeap () returned 0x770000 [0222.762] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.762] RegEnumValueW (in: hKey=0xcc, dwIndex=0xd, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="whhelper", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.762] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0222.762] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0222.762] GetProcessHeap () returned 0x770000 [0222.762] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12c) returned 0x7818d8 [0222.762] memcpy (in: _Dst=0x7818d8, _Src=0x797a30, _Size=0x118 | out: _Dst=0x7818d8) returned 0x7818d8 [0222.762] GetProcessHeap () returned 0x770000 [0222.763] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x788890 [0222.763] GetProcessHeap () returned 0x770000 [0222.763] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x793b80 [0222.763] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0222.763] GetProcessHeap () returned 0x770000 [0222.763] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797a30) returned 1 [0222.763] LoadLibraryExW (lpLibFileName="WHHELPER.DLL", hFile=0x0, dwFlags=0x0) returned 0x71eb0000 [0222.774] GetProcAddress (hModule=0x71eb0000, lpProcName="InitHelperDll") returned 0x71eb17b0 [0222.774] InitHelperDll () returned 0x0 [0222.774] RegisterHelper () returned 0x0 [0222.774] GetProcessHeap () returned 0x770000 [0222.774] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xbd0) returned 0x796f30 [0222.774] memcpy (in: _Dst=0x796f30, _Src=0x797b50, _Size=0xb88 | out: _Dst=0x796f30) returned 0x796f30 [0222.774] GetProcessHeap () returned 0x770000 [0222.775] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797b50) returned 1 [0222.775] RegEnumValueW (in: hKey=0xcc, dwIndex=0xe, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="wlancfg", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.775] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0222.775] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0222.775] GetProcessHeap () returned 0x770000 [0222.775] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x140) returned 0x794660 [0222.775] memcpy (in: _Dst=0x794660, _Src=0x7818d8, _Size=0x12c | out: _Dst=0x794660) returned 0x794660 [0222.775] GetProcessHeap () returned 0x770000 [0222.776] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x10) returned 0x790128 [0222.776] GetProcessHeap () returned 0x770000 [0222.776] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x18) returned 0x7888b0 [0222.776] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0222.776] GetProcessHeap () returned 0x770000 [0222.776] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7818d8) returned 1 [0222.776] LoadLibraryExW (lpLibFileName="WLANCFG.DLL", hFile=0x0, dwFlags=0x0) returned 0x71dd0000 [0222.806] GetProcAddress (hModule=0x71dd0000, lpProcName="InitHelperDll") returned 0x71dd9fb0 [0222.806] InitHelperDll () returned 0x0 [0222.806] RegisterHelper () returned 0x0 [0222.806] GetProcessHeap () returned 0x770000 [0222.806] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc18) returned 0x794a30 [0222.806] memcpy (in: _Dst=0x794a30, _Src=0x796f30, _Size=0xbd0 | out: _Dst=0x794a30) returned 0x794a30 [0222.806] GetProcessHeap () returned 0x770000 [0222.807] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.807] RegEnumValueW (in: hKey=0xcc, dwIndex=0xf, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="wshelper", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.807] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0222.807] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0222.807] GetProcessHeap () returned 0x770000 [0222.807] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x154) returned 0x796f30 [0222.807] memcpy (in: _Dst=0x796f30, _Src=0x794660, _Size=0x140 | out: _Dst=0x796f30) returned 0x796f30 [0222.807] GetProcessHeap () returned 0x770000 [0222.807] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x788a30 [0222.807] GetProcessHeap () returned 0x770000 [0222.807] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1a) returned 0x793c70 [0222.807] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0222.807] GetProcessHeap () returned 0x770000 [0222.808] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794660) returned 1 [0222.808] LoadLibraryExW (lpLibFileName="WSHELPER.DLL", hFile=0x0, dwFlags=0x0) returned 0x71cf0000 [0222.823] GetProcAddress (hModule=0x71cf0000, lpProcName="InitHelperDll") returned 0x71cf16c0 [0222.823] InitHelperDll () returned 0x0 [0222.823] RegisterHelper () returned 0x0 [0222.823] GetProcessHeap () returned 0x770000 [0222.823] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc60) returned 0x7994b8 [0222.824] memcpy (in: _Dst=0x7994b8, _Src=0x794a30, _Size=0xc18 | out: _Dst=0x7994b8) returned 0x7994b8 [0222.824] GetProcessHeap () returned 0x770000 [0222.824] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794a30) returned 1 [0222.824] RegEnumValueW (in: hKey=0xcc, dwIndex=0x10, lpValueName=0x776760, lpcchValueName=0x1878fc, lpReserved=0x0, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900 | out: lpValueName="peerdistsh", lpcchValueName=0x1878fc, lpType=0x0, lpData=0x7728c8, lpcbData=0x187900) returned 0x0 [0222.824] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0222.824] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0222.824] GetProcessHeap () returned 0x770000 [0222.824] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x168) returned 0x794a30 [0222.824] memcpy (in: _Dst=0x794a30, _Src=0x796f30, _Size=0x154 | out: _Dst=0x794a30) returned 0x794a30 [0222.824] GetProcessHeap () returned 0x770000 [0222.825] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x797628 [0222.825] GetProcessHeap () returned 0x770000 [0222.825] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1e) returned 0x793ba8 [0222.825] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0222.825] GetProcessHeap () returned 0x770000 [0222.825] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x796f30) returned 1 [0222.825] LoadLibraryExW (lpLibFileName="PEERDISTSH.DLL", hFile=0x0, dwFlags=0x0) returned 0x71bf0000 [0222.836] GetProcAddress (hModule=0x71bf0000, lpProcName="InitHelperDll") returned 0x71c0e4d0 [0222.836] InitHelperDll () returned 0x0 [0222.836] RegisterHelper () returned 0x0 [0222.836] GetProcessHeap () returned 0x770000 [0222.836] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xca8) returned 0x79c128 [0222.837] memcpy (in: _Dst=0x79c128, _Src=0x7994b8, _Size=0xc60 | out: _Dst=0x79c128) returned 0x79c128 [0222.837] GetProcessHeap () returned 0x770000 [0222.837] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7994b8) returned 1 [0222.837] RegisterHelper () returned 0x0 [0222.837] GetProcessHeap () returned 0x770000 [0222.837] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xcf0) returned 0x79cdd8 [0222.837] memcpy (in: _Dst=0x79cdd8, _Src=0x79c128, _Size=0xca8 | out: _Dst=0x79cdd8) returned 0x79cdd8 [0222.837] GetProcessHeap () returned 0x770000 [0222.838] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c128) returned 1 [0222.838] RegCloseKey (hKey=0xcc) returned 0x0 [0222.838] GetProcessHeap () returned 0x770000 [0222.838] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776760) returned 1 [0222.838] GetProcessHeap () returned 0x770000 [0222.839] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7728c8) returned 1 [0222.840] GetProcessHeap () returned 0x770000 [0222.840] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787800 [0222.840] memcpy (in: _Dst=0x787800, _Src=0x187878, _Size=0x48 | out: _Dst=0x787800) returned 0x787800 [0222.840] GetProcessHeap () returned 0x770000 [0222.840] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.840] RegisterContext () returned 0x0 [0222.840] GetProcessHeap () returned 0x770000 [0222.840] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.841] memcpy (in: _Dst=0x787850, _Src=0x187870, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.841] GetProcessHeap () returned 0x770000 [0222.841] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.841] RegisterContext () returned 0x0 [0222.843] _wcsicmp (_String1="ras", _String2="interface") returned 9 [0222.843] _wcsicmp (_String1="ras", _String2="interface") returned 9 [0222.843] GetProcessHeap () returned 0x770000 [0222.843] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78fa08 [0222.843] memcpy (in: _Dst=0x78fa08, _Src=0x787850, _Size=0x48 | out: _Dst=0x78fa08) returned 0x78fa08 [0222.843] memcpy (in: _Dst=0x78fa50, _Src=0x187878, _Size=0x48 | out: _Dst=0x78fa50) returned 0x78fa50 [0222.843] GetProcessHeap () returned 0x770000 [0222.844] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.871] RegisterContext () returned 0x0 [0222.872] GetProcessHeap () returned 0x770000 [0222.872] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.872] memcpy (in: _Dst=0x787850, _Src=0x187878, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.872] GetProcessHeap () returned 0x770000 [0222.872] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.872] RegisterContext () returned 0x0 [0222.872] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0222.873] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0222.873] GetProcessHeap () returned 0x770000 [0222.873] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78f5e0 [0222.873] memcpy (in: _Dst=0x78f5e0, _Src=0x787850, _Size=0x48 | out: _Dst=0x78f5e0) returned 0x78f5e0 [0222.873] memcpy (in: _Dst=0x78f628, _Src=0x187878, _Size=0x48 | out: _Dst=0x78f628) returned 0x78f628 [0222.873] GetProcessHeap () returned 0x770000 [0222.874] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.874] RegisterContext () returned 0x0 [0222.875] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0222.875] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0222.875] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0222.875] GetProcessHeap () returned 0x770000 [0222.875] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795150 [0222.875] memcpy (in: _Dst=0x795150, _Src=0x187878, _Size=0x48 | out: _Dst=0x795150) returned 0x795150 [0222.875] memcpy (in: _Dst=0x795198, _Src=0x78f5e0, _Size=0x90 | out: _Dst=0x795198) returned 0x795198 [0222.875] GetProcessHeap () returned 0x770000 [0222.876] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f5e0) returned 1 [0222.876] RegisterContext () returned 0x0 [0222.876] _wcsicmp (_String1="diagnostics", _String2="aaaa") returned 3 [0222.876] _wcsicmp (_String1="diagnostics", _String2="ip") returned -5 [0222.876] _wcsicmp (_String1="diagnostics", _String2="ipv6") returned -5 [0222.876] _wcsicmp (_String1="diagnostics", _String2="aaaa") returned 3 [0222.876] _wcsicmp (_String1="diagnostics", _String2="ip") returned -5 [0222.876] GetProcessHeap () returned 0x770000 [0222.876] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x120) returned 0x795230 [0222.876] memcpy (in: _Dst=0x795230, _Src=0x795150, _Size=0x48 | out: _Dst=0x795230) returned 0x795230 [0222.876] memcpy (in: _Dst=0x795278, _Src=0x187878, _Size=0x48 | out: _Dst=0x795278) returned 0x795278 [0222.877] memcpy (in: _Dst=0x7952c0, _Src=0x795198, _Size=0x90 | out: _Dst=0x7952c0) returned 0x7952c0 [0222.877] GetProcessHeap () returned 0x770000 [0222.877] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x795150) returned 1 [0222.877] RegisterContext () returned 0x0 [0222.877] _wcsicmp (_String1="advfirewall", _String2="interface") returned -8 [0222.877] _wcsicmp (_String1="advfirewall", _String2="ras") returned -17 [0222.878] _wcsicmp (_String1="advfirewall", _String2="interface") returned -8 [0222.878] GetProcessHeap () returned 0x770000 [0222.878] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795150 [0222.878] memcpy (in: _Dst=0x795150, _Src=0x187870, _Size=0x48 | out: _Dst=0x795150) returned 0x795150 [0222.878] memcpy (in: _Dst=0x795198, _Src=0x78fa08, _Size=0x90 | out: _Dst=0x795198) returned 0x795198 [0222.878] GetProcessHeap () returned 0x770000 [0222.878] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78fa08) returned 1 [0222.878] RegisterContext () returned 0x0 [0222.878] GetProcessHeap () returned 0x770000 [0222.878] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.878] memcpy (in: _Dst=0x787850, _Src=0x187870, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.878] GetProcessHeap () returned 0x770000 [0222.878] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.879] RegisterContext () returned 0x0 [0222.879] _wcsicmp (_String1="firewall", _String2="consec") returned 3 [0222.879] _wcsicmp (_String1="firewall", _String2="consec") returned 3 [0222.879] GetProcessHeap () returned 0x770000 [0222.879] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78f840 [0222.879] memcpy (in: _Dst=0x78f840, _Src=0x787850, _Size=0x48 | out: _Dst=0x78f840) returned 0x78f840 [0222.879] memcpy (in: _Dst=0x78f888, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f888) returned 0x78f888 [0222.879] GetProcessHeap () returned 0x770000 [0222.879] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.879] RegisterContext () returned 0x0 [0222.880] _wcsicmp (_String1="monitor", _String2="consec") returned 10 [0222.880] _wcsicmp (_String1="monitor", _String2="firewall") returned 7 [0222.880] _wcsicmp (_String1="monitor", _String2="consec") returned 10 [0222.880] _wcsicmp (_String1="monitor", _String2="firewall") returned 7 [0222.880] GetProcessHeap () returned 0x770000 [0222.880] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795358 [0222.880] memcpy (in: _Dst=0x795358, _Src=0x78f840, _Size=0x90 | out: _Dst=0x795358) returned 0x795358 [0222.880] memcpy (in: _Dst=0x7953e8, _Src=0x187870, _Size=0x48 | out: _Dst=0x7953e8) returned 0x7953e8 [0222.880] GetProcessHeap () returned 0x770000 [0222.881] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f840) returned 1 [0222.881] RegisterContext () returned 0x0 [0222.881] _wcsicmp (_String1="mainmode", _String2="consec") returned 10 [0222.881] _wcsicmp (_String1="mainmode", _String2="firewall") returned 7 [0222.881] _wcsicmp (_String1="mainmode", _String2="monitor") returned -14 [0222.881] _wcsicmp (_String1="mainmode", _String2="consec") returned 10 [0222.881] _wcsicmp (_String1="mainmode", _String2="firewall") returned 7 [0222.881] _wcsicmp (_String1="mainmode", _String2="monitor") returned -14 [0222.881] GetProcessHeap () returned 0x770000 [0222.881] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x120) returned 0x795438 [0222.881] memcpy (in: _Dst=0x795438, _Src=0x795358, _Size=0x90 | out: _Dst=0x795438) returned 0x795438 [0222.881] memcpy (in: _Dst=0x7954c8, _Src=0x187870, _Size=0x48 | out: _Dst=0x7954c8) returned 0x7954c8 [0222.881] memcpy (in: _Dst=0x795510, _Src=0x7953e8, _Size=0x48 | out: _Dst=0x795510) returned 0x795510 [0222.881] GetProcessHeap () returned 0x770000 [0222.882] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x795358) returned 1 [0222.882] RegisterContext () returned 0x0 [0222.882] _wcsicmp (_String1="dhcpclient", _String2="advfirewall") returned 3 [0222.882] _wcsicmp (_String1="dhcpclient", _String2="interface") returned -5 [0222.882] _wcsicmp (_String1="dhcpclient", _String2="ras") returned -14 [0222.882] _wcsicmp (_String1="dhcpclient", _String2="advfirewall") returned 3 [0222.882] _wcsicmp (_String1="dhcpclient", _String2="interface") returned -5 [0222.882] GetProcessHeap () returned 0x770000 [0222.882] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x120) returned 0x7a1600 [0222.882] memcpy (in: _Dst=0x7a1600, _Src=0x795150, _Size=0x48 | out: _Dst=0x7a1600) returned 0x7a1600 [0222.882] memcpy (in: _Dst=0x7a1648, _Src=0x187878, _Size=0x48 | out: _Dst=0x7a1648) returned 0x7a1648 [0222.882] memcpy (in: _Dst=0x7a1690, _Src=0x795198, _Size=0x90 | out: _Dst=0x7a1690) returned 0x7a1690 [0222.882] GetProcessHeap () returned 0x770000 [0222.882] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x795150) returned 1 [0222.882] RegisterContext () returned 0x0 [0222.882] _wcsicmp (_String1="lan", _String2="advfirewall") returned 11 [0222.883] _wcsicmp (_String1="lan", _String2="dhcpclient") returned 8 [0222.883] _wcsicmp (_String1="lan", _String2="interface") returned 3 [0222.883] _wcsicmp (_String1="lan", _String2="ras") returned -6 [0222.883] _wcsicmp (_String1="lan", _String2="advfirewall") returned 11 [0222.883] _wcsicmp (_String1="lan", _String2="dhcpclient") returned 8 [0222.883] _wcsicmp (_String1="lan", _String2="interface") returned 3 [0222.883] _wcsicmp (_String1="lan", _String2="ras") returned -6 [0222.883] GetProcessHeap () returned 0x770000 [0222.883] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x168) returned 0x7a1728 [0222.883] memcpy (in: _Dst=0x7a1728, _Src=0x7a1600, _Size=0xd8 | out: _Dst=0x7a1728) returned 0x7a1728 [0222.883] memcpy (in: _Dst=0x7a1800, _Src=0x187878, _Size=0x48 | out: _Dst=0x7a1800) returned 0x7a1800 [0222.883] memcpy (in: _Dst=0x7a1848, _Src=0x7a16d8, _Size=0x48 | out: _Dst=0x7a1848) returned 0x7a1848 [0222.883] GetProcessHeap () returned 0x770000 [0222.883] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1600) returned 1 [0222.886] RegisterContext () returned 0x0 [0222.886] _wcsicmp (_String1="firewall", _String2="advfirewall") returned 5 [0222.886] _wcsicmp (_String1="firewall", _String2="dhcpclient") returned 2 [0222.886] _wcsicmp (_String1="firewall", _String2="interface") returned -3 [0222.886] _wcsicmp (_String1="firewall", _String2="lan") returned -6 [0222.886] _wcsicmp (_String1="firewall", _String2="ras") returned -12 [0222.886] _wcsicmp (_String1="firewall", _String2="advfirewall") returned 5 [0222.886] _wcsicmp (_String1="firewall", _String2="dhcpclient") returned 2 [0222.886] _wcsicmp (_String1="firewall", _String2="interface") returned -3 [0222.886] GetProcessHeap () returned 0x770000 [0222.886] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1b0) returned 0x7a1898 [0222.886] memcpy (in: _Dst=0x7a1898, _Src=0x7a1728, _Size=0x90 | out: _Dst=0x7a1898) returned 0x7a1898 [0222.886] memcpy (in: _Dst=0x7a1928, _Src=0x187870, _Size=0x48 | out: _Dst=0x7a1928) returned 0x7a1928 [0222.886] memcpy (in: _Dst=0x7a1970, _Src=0x7a17b8, _Size=0xd8 | out: _Dst=0x7a1970) returned 0x7a1970 [0222.886] GetProcessHeap () returned 0x770000 [0222.887] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1728) returned 1 [0222.887] RegisterContext () returned 0x0 [0222.887] _wcsicmp (_String1="bridge", _String2="advfirewall") returned 1 [0222.887] _wcsicmp (_String1="bridge", _String2="dhcpclient") returned -2 [0222.887] _wcsicmp (_String1="bridge", _String2="firewall") returned -4 [0222.887] _wcsicmp (_String1="bridge", _String2="interface") returned -7 [0222.887] _wcsicmp (_String1="bridge", _String2="lan") returned -10 [0222.887] _wcsicmp (_String1="bridge", _String2="ras") returned -16 [0222.887] _wcsicmp (_String1="bridge", _String2="advfirewall") returned 1 [0222.887] _wcsicmp (_String1="bridge", _String2="dhcpclient") returned -2 [0222.887] GetProcessHeap () returned 0x770000 [0222.887] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1f8) returned 0x7a1600 [0222.887] memcpy (in: _Dst=0x7a1600, _Src=0x7a1898, _Size=0x48 | out: _Dst=0x7a1600) returned 0x7a1600 [0222.887] memcpy (in: _Dst=0x7a1648, _Src=0x187878, _Size=0x48 | out: _Dst=0x7a1648) returned 0x7a1648 [0222.887] memcpy (in: _Dst=0x7a1690, _Src=0x7a18e0, _Size=0x168 | out: _Dst=0x7a1690) returned 0x7a1690 [0222.887] GetProcessHeap () returned 0x770000 [0222.888] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1898) returned 1 [0222.888] RegisterContext () returned 0x0 [0222.888] _wcsicmp (_String1="netio", _String2="advfirewall") returned 13 [0222.888] _wcsicmp (_String1="netio", _String2="bridge") returned 12 [0222.888] _wcsicmp (_String1="netio", _String2="dhcpclient") returned 10 [0222.888] _wcsicmp (_String1="netio", _String2="firewall") returned 8 [0222.888] _wcsicmp (_String1="netio", _String2="interface") returned 5 [0222.888] _wcsicmp (_String1="netio", _String2="lan") returned 2 [0222.888] _wcsicmp (_String1="netio", _String2="ras") returned -4 [0222.888] _wcsicmp (_String1="netio", _String2="advfirewall") returned 13 [0222.888] _wcsicmp (_String1="netio", _String2="bridge") returned 12 [0222.888] _wcsicmp (_String1="netio", _String2="dhcpclient") returned 10 [0222.888] _wcsicmp (_String1="netio", _String2="firewall") returned 8 [0222.888] _wcsicmp (_String1="netio", _String2="interface") returned 5 [0222.888] _wcsicmp (_String1="netio", _String2="lan") returned 2 [0222.888] _wcsicmp (_String1="netio", _String2="ras") returned -4 [0222.888] GetProcessHeap () returned 0x770000 [0222.888] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x240) returned 0x7a1800 [0222.889] memcpy (in: _Dst=0x7a1800, _Src=0x7a1600, _Size=0x1b0 | out: _Dst=0x7a1800) returned 0x7a1800 [0222.889] memcpy (in: _Dst=0x7a19b0, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a19b0) returned 0x7a19b0 [0222.889] memcpy (in: _Dst=0x7a19f8, _Src=0x7a17b0, _Size=0x48 | out: _Dst=0x7a19f8) returned 0x7a19f8 [0222.889] GetProcessHeap () returned 0x770000 [0222.889] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1600) returned 1 [0222.889] RegisterContext () returned 0x0 [0222.889] _wcsicmp (_String1="dnsclient", _String2="advfirewall") returned 3 [0222.889] _wcsicmp (_String1="dnsclient", _String2="bridge") returned 2 [0222.889] _wcsicmp (_String1="dnsclient", _String2="dhcpclient") returned 6 [0222.889] _wcsicmp (_String1="dnsclient", _String2="firewall") returned -2 [0222.889] _wcsicmp (_String1="dnsclient", _String2="interface") returned -5 [0222.889] _wcsicmp (_String1="dnsclient", _String2="lan") returned -8 [0222.889] _wcsicmp (_String1="dnsclient", _String2="netio") returned -10 [0222.889] _wcsicmp (_String1="dnsclient", _String2="ras") returned -14 [0222.889] _wcsicmp (_String1="dnsclient", _String2="advfirewall") returned 3 [0222.889] _wcsicmp (_String1="dnsclient", _String2="bridge") returned 2 [0222.889] _wcsicmp (_String1="dnsclient", _String2="dhcpclient") returned 6 [0222.890] _wcsicmp (_String1="dnsclient", _String2="firewall") returned -2 [0222.890] GetProcessHeap () returned 0x770000 [0222.890] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x288) returned 0x7a1a48 [0222.890] memcpy (in: _Dst=0x7a1a48, _Src=0x7a1800, _Size=0xd8 | out: _Dst=0x7a1a48) returned 0x7a1a48 [0222.890] memcpy (in: _Dst=0x7a1b20, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a1b20) returned 0x7a1b20 [0222.890] memcpy (in: _Dst=0x7a1b68, _Src=0x7a18d8, _Size=0x168 | out: _Dst=0x7a1b68) returned 0x7a1b68 [0222.890] GetProcessHeap () returned 0x770000 [0222.890] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1800) returned 1 [0222.890] RegisterContext () returned 0x0 [0222.890] _wcsicmp (_String1="namespace", _String2="advfirewall") returned 13 [0222.890] _wcsicmp (_String1="namespace", _String2="bridge") returned 12 [0222.890] _wcsicmp (_String1="namespace", _String2="dhcpclient") returned 10 [0222.890] _wcsicmp (_String1="namespace", _String2="dnsclient") returned 10 [0222.890] _wcsicmp (_String1="namespace", _String2="firewall") returned 8 [0222.890] _wcsicmp (_String1="namespace", _String2="interface") returned 5 [0222.890] _wcsicmp (_String1="namespace", _String2="lan") returned 2 [0222.890] _wcsicmp (_String1="namespace", _String2="netio") returned -4 [0222.890] _wcsicmp (_String1="namespace", _String2="ras") returned -4 [0222.890] _wcsicmp (_String1="namespace", _String2="advfirewall") returned 13 [0222.890] _wcsicmp (_String1="namespace", _String2="bridge") returned 12 [0222.891] _wcsicmp (_String1="namespace", _String2="dhcpclient") returned 10 [0222.891] _wcsicmp (_String1="namespace", _String2="dnsclient") returned 10 [0222.891] _wcsicmp (_String1="namespace", _String2="firewall") returned 8 [0222.891] _wcsicmp (_String1="namespace", _String2="interface") returned 5 [0222.891] _wcsicmp (_String1="namespace", _String2="lan") returned 2 [0222.891] _wcsicmp (_String1="namespace", _String2="netio") returned -4 [0222.891] GetProcessHeap () returned 0x770000 [0222.891] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x2d0) returned 0x7a1cd8 [0222.891] memcpy (in: _Dst=0x7a1cd8, _Src=0x7a1a48, _Size=0x1f8 | out: _Dst=0x7a1cd8) returned 0x7a1cd8 [0222.891] memcpy (in: _Dst=0x7a1ed0, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a1ed0) returned 0x7a1ed0 [0222.891] memcpy (in: _Dst=0x7a1f18, _Src=0x7a1c40, _Size=0x90 | out: _Dst=0x7a1f18) returned 0x7a1f18 [0222.891] GetProcessHeap () returned 0x770000 [0222.891] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1a48) returned 1 [0222.891] RegisterContext () returned 0x0 [0222.891] GetProcessHeap () returned 0x770000 [0222.891] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.891] memcpy (in: _Dst=0x787850, _Src=0x187874, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.891] GetProcessHeap () returned 0x770000 [0222.891] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.892] RegisterContext () returned 0x0 [0222.892] _wcsicmp (_String1="ipv6", _String2="ipv4") returned 2 [0222.892] _wcsicmp (_String1="ipv6", _String2="ipv4") returned 2 [0222.892] GetProcessHeap () returned 0x770000 [0222.892] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78fd98 [0222.892] memcpy (in: _Dst=0x78fd98, _Src=0x787850, _Size=0x48 | out: _Dst=0x78fd98) returned 0x78fd98 [0222.892] memcpy (in: _Dst=0x78fde0, _Src=0x187874, _Size=0x48 | out: _Dst=0x78fde0) returned 0x78fde0 [0222.892] GetProcessHeap () returned 0x770000 [0222.892] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.892] RegisterContext () returned 0x0 [0222.892] _wcsicmp (_String1="6to4", _String2="ipv4") returned -51 [0222.892] _wcsicmp (_String1="6to4", _String2="ipv6") returned -51 [0222.892] _wcsicmp (_String1="6to4", _String2="ipv4") returned -51 [0222.892] GetProcessHeap () returned 0x770000 [0222.892] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795150 [0222.892] memcpy (in: _Dst=0x795150, _Src=0x187848, _Size=0x48 | out: _Dst=0x795150) returned 0x795150 [0222.892] memcpy (in: _Dst=0x795198, _Src=0x78fd98, _Size=0x90 | out: _Dst=0x795198) returned 0x795198 [0222.893] GetProcessHeap () returned 0x770000 [0222.893] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78fd98) returned 1 [0222.893] RegisterContext () returned 0x0 [0222.893] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0222.893] _wcsicmp (_String1="isatap", _String2="ipv4") returned 3 [0222.893] _wcsicmp (_String1="isatap", _String2="ipv6") returned 3 [0222.893] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0222.893] _wcsicmp (_String1="isatap", _String2="ipv4") returned 3 [0222.893] _wcsicmp (_String1="isatap", _String2="ipv6") returned 3 [0222.893] GetProcessHeap () returned 0x770000 [0222.893] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x120) returned 0x7a1600 [0222.893] memcpy (in: _Dst=0x7a1600, _Src=0x795150, _Size=0xd8 | out: _Dst=0x7a1600) returned 0x7a1600 [0222.893] memcpy (in: _Dst=0x7a16d8, _Src=0x187848, _Size=0x48 | out: _Dst=0x7a16d8) returned 0x7a16d8 [0222.893] GetProcessHeap () returned 0x770000 [0222.894] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x795150) returned 1 [0222.894] RegisterContext () returned 0x0 [0222.894] _wcsicmp (_String1="teredo", _String2="6to4") returned 62 [0222.894] _wcsicmp (_String1="teredo", _String2="ipv4") returned 11 [0222.894] _wcsicmp (_String1="teredo", _String2="ipv6") returned 11 [0222.894] _wcsicmp (_String1="teredo", _String2="isatap") returned 11 [0222.894] _wcsicmp (_String1="teredo", _String2="6to4") returned 62 [0222.894] _wcsicmp (_String1="teredo", _String2="ipv4") returned 11 [0222.894] _wcsicmp (_String1="teredo", _String2="ipv6") returned 11 [0222.894] _wcsicmp (_String1="teredo", _String2="isatap") returned 11 [0222.894] GetProcessHeap () returned 0x770000 [0222.894] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x168) returned 0x7a1728 [0222.894] memcpy (in: _Dst=0x7a1728, _Src=0x7a1600, _Size=0x120 | out: _Dst=0x7a1728) returned 0x7a1728 [0222.894] memcpy (in: _Dst=0x7a1848, _Src=0x187858, _Size=0x48 | out: _Dst=0x7a1848) returned 0x7a1848 [0222.894] GetProcessHeap () returned 0x770000 [0222.894] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1600) returned 1 [0222.895] RegisterContext () returned 0x0 [0222.895] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0222.895] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="teredo") returned -4 [0222.895] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0222.895] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0222.895] _wcsicmp (_String1="portproxy", _String2="teredo") returned -4 [0222.895] GetProcessHeap () returned 0x770000 [0222.896] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1b0) returned 0x7a1898 [0222.896] memcpy (in: _Dst=0x7a1898, _Src=0x7a1728, _Size=0x120 | out: _Dst=0x7a1898) returned 0x7a1898 [0222.896] memcpy (in: _Dst=0x7a19b8, _Src=0x187848, _Size=0x48 | out: _Dst=0x7a19b8) returned 0x7a19b8 [0222.896] memcpy (in: _Dst=0x7a1a00, _Src=0x7a1848, _Size=0x48 | out: _Dst=0x7a1a00) returned 0x7a1a00 [0222.896] GetProcessHeap () returned 0x770000 [0222.896] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1728) returned 1 [0222.896] RegisterContext () returned 0x0 [0222.896] GetProcessHeap () returned 0x770000 [0222.896] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.896] memcpy (in: _Dst=0x787850, _Src=0x187848, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.896] GetProcessHeap () returned 0x770000 [0222.896] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.896] RegisterContext () returned 0x0 [0222.896] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0222.896] _wcsicmp (_String1="isatap", _String2="6to4") returned 51 [0222.896] GetProcessHeap () returned 0x770000 [0222.896] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78fd00 [0222.896] memcpy (in: _Dst=0x78fd00, _Src=0x787850, _Size=0x48 | out: _Dst=0x78fd00) returned 0x78fd00 [0222.896] memcpy (in: _Dst=0x78fd48, _Src=0x187848, _Size=0x48 | out: _Dst=0x78fd48) returned 0x78fd48 [0222.896] GetProcessHeap () returned 0x770000 [0222.897] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.897] RegisterContext () returned 0x0 [0222.897] _wcsicmp (_String1="portproxy", _String2="6to4") returned 58 [0222.897] _wcsicmp (_String1="portproxy", _String2="ipv4") returned 7 [0222.897] _wcsicmp (_String1="portproxy", _String2="ipv6") returned 7 [0222.897] _wcsicmp (_String1="portproxy", _String2="isatap") returned 7 [0222.897] _wcsicmp (_String1="portproxy", _String2="portproxy") returned 0 [0222.897] memcpy (in: _Dst=0x7a19b8, _Src=0x187848, _Size=0x48 | out: _Dst=0x7a19b8) returned 0x7a19b8 [0222.897] RegisterContext () returned 0x0 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="6to4") returned 50 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="ipv4") returned -1 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="ipv6") returned -1 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="isatap") returned -1 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="portproxy") returned -8 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="teredo") returned -12 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="6to4") returned 50 [0222.897] _wcsicmp (_String1="httpstunnel", _String2="ipv4") returned -1 [0222.897] GetProcessHeap () returned 0x770000 [0222.898] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1f8) returned 0x7a1a50 [0222.898] memcpy (in: _Dst=0x7a1a50, _Src=0x7a1898, _Size=0x48 | out: _Dst=0x7a1a50) returned 0x7a1a50 [0222.898] memcpy (in: _Dst=0x7a1a98, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a1a98) returned 0x7a1a98 [0222.898] memcpy (in: _Dst=0x7a1ae0, _Src=0x7a18e0, _Size=0x168 | out: _Dst=0x7a1ae0) returned 0x7a1ae0 [0222.898] GetProcessHeap () returned 0x770000 [0222.898] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1898) returned 1 [0222.898] RegisterContext () returned 0x0 [0222.898] _wcsicmp (_String1="tcp", _String2="6to4") returned 62 [0222.898] _wcsicmp (_String1="tcp", _String2="httpstunnel") returned 12 [0222.898] _wcsicmp (_String1="tcp", _String2="ipv4") returned 11 [0222.898] _wcsicmp (_String1="tcp", _String2="ipv6") returned 11 [0222.898] _wcsicmp (_String1="tcp", _String2="isatap") returned 11 [0222.898] _wcsicmp (_String1="tcp", _String2="portproxy") returned 4 [0222.898] _wcsicmp (_String1="tcp", _String2="teredo") returned -2 [0222.898] _wcsicmp (_String1="tcp", _String2="6to4") returned 62 [0222.898] _wcsicmp (_String1="tcp", _String2="httpstunnel") returned 12 [0222.898] _wcsicmp (_String1="tcp", _String2="ipv4") returned 11 [0222.899] _wcsicmp (_String1="tcp", _String2="ipv6") returned 11 [0222.899] _wcsicmp (_String1="tcp", _String2="isatap") returned 11 [0222.899] _wcsicmp (_String1="tcp", _String2="portproxy") returned 4 [0222.899] _wcsicmp (_String1="tcp", _String2="teredo") returned -2 [0222.899] GetProcessHeap () returned 0x770000 [0222.899] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x240) returned 0x7a1600 [0222.899] memcpy (in: _Dst=0x7a1600, _Src=0x7a1a50, _Size=0x1b0 | out: _Dst=0x7a1600) returned 0x7a1600 [0222.899] memcpy (in: _Dst=0x7a17b0, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a17b0) returned 0x7a17b0 [0222.899] memcpy (in: _Dst=0x7a17f8, _Src=0x7a1c00, _Size=0x48 | out: _Dst=0x7a17f8) returned 0x7a17f8 [0222.899] GetProcessHeap () returned 0x770000 [0222.899] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1a50) returned 1 [0222.899] RegisterContext () returned 0x0 [0222.899] _wcsicmp (_String1="http", _String2="advfirewall") returned 7 [0222.899] _wcsicmp (_String1="http", _String2="bridge") returned 6 [0222.899] _wcsicmp (_String1="http", _String2="dhcpclient") returned 4 [0222.899] _wcsicmp (_String1="http", _String2="dnsclient") returned 4 [0222.899] _wcsicmp (_String1="http", _String2="firewall") returned 2 [0222.899] _wcsicmp (_String1="http", _String2="interface") returned -1 [0222.899] _wcsicmp (_String1="http", _String2="lan") returned -4 [0222.899] _wcsicmp (_String1="http", _String2="namespace") returned -6 [0222.899] _wcsicmp (_String1="http", _String2="netio") returned -6 [0222.900] _wcsicmp (_String1="http", _String2="ras") returned -10 [0222.900] _wcsicmp (_String1="http", _String2="advfirewall") returned 7 [0222.900] _wcsicmp (_String1="http", _String2="bridge") returned 6 [0222.900] _wcsicmp (_String1="http", _String2="dhcpclient") returned 4 [0222.900] _wcsicmp (_String1="http", _String2="dnsclient") returned 4 [0222.900] _wcsicmp (_String1="http", _String2="firewall") returned 2 [0222.900] _wcsicmp (_String1="http", _String2="interface") returned -1 [0222.900] GetProcessHeap () returned 0x770000 [0222.900] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x318) returned 0x7a1848 [0222.900] memcpy (in: _Dst=0x7a1848, _Src=0x7a1cd8, _Size=0x168 | out: _Dst=0x7a1848) returned 0x7a1848 [0222.900] memcpy (in: _Dst=0x7a19b0, _Src=0x187874, _Size=0x48 | out: _Dst=0x7a19b0) returned 0x7a19b0 [0222.900] memcpy (in: _Dst=0x7a19f8, _Src=0x7a1e40, _Size=0x168 | out: _Dst=0x7a19f8) returned 0x7a19f8 [0222.900] GetProcessHeap () returned 0x770000 [0222.900] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1cd8) returned 1 [0222.901] RegisterContext () returned 0x0 [0222.901] _wcsicmp (_String1="ipsec", _String2="advfirewall") returned 8 [0222.901] _wcsicmp (_String1="ipsec", _String2="bridge") returned 7 [0222.901] _wcsicmp (_String1="ipsec", _String2="dhcpclient") returned 5 [0222.901] _wcsicmp (_String1="ipsec", _String2="dnsclient") returned 5 [0222.901] _wcsicmp (_String1="ipsec", _String2="firewall") returned 3 [0222.901] _wcsicmp (_String1="ipsec", _String2="http") returned 1 [0222.901] _wcsicmp (_String1="ipsec", _String2="interface") returned 2 [0222.901] _wcsicmp (_String1="ipsec", _String2="lan") returned -3 [0222.901] _wcsicmp (_String1="ipsec", _String2="namespace") returned -5 [0222.901] _wcsicmp (_String1="ipsec", _String2="netio") returned -5 [0222.901] _wcsicmp (_String1="ipsec", _String2="ras") returned -9 [0222.901] _wcsicmp (_String1="ipsec", _String2="advfirewall") returned 8 [0222.901] _wcsicmp (_String1="ipsec", _String2="bridge") returned 7 [0222.901] _wcsicmp (_String1="ipsec", _String2="dhcpclient") returned 5 [0222.901] _wcsicmp (_String1="ipsec", _String2="dnsclient") returned 5 [0222.901] _wcsicmp (_String1="ipsec", _String2="firewall") returned 3 [0222.902] _wcsicmp (_String1="ipsec", _String2="http") returned 1 [0222.902] _wcsicmp (_String1="ipsec", _String2="interface") returned 2 [0222.902] _wcsicmp (_String1="ipsec", _String2="lan") returned -3 [0222.902] GetProcessHeap () returned 0x770000 [0222.902] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x360) returned 0x7a1b68 [0222.902] memcpy (in: _Dst=0x7a1b68, _Src=0x7a1848, _Size=0x1f8 | out: _Dst=0x7a1b68) returned 0x7a1b68 [0222.902] memcpy (in: _Dst=0x7a1d60, _Src=0x187870, _Size=0x48 | out: _Dst=0x7a1d60) returned 0x7a1d60 [0222.902] memcpy (in: _Dst=0x7a1da8, _Src=0x7a1a40, _Size=0x120 | out: _Dst=0x7a1da8) returned 0x7a1da8 [0222.902] GetProcessHeap () returned 0x770000 [0222.902] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1848) returned 1 [0222.902] RegisterContext () returned 0x0 [0222.902] GetProcessHeap () returned 0x770000 [0222.902] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.902] memcpy (in: _Dst=0x787850, _Src=0x187870, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.902] GetProcessHeap () returned 0x770000 [0222.902] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.902] RegisterContext () returned 0x0 [0222.902] _wcsicmp (_String1="dynamic", _String2="static") returned -15 [0222.902] _wcsicmp (_String1="dynamic", _String2="static") returned -15 [0222.902] GetProcessHeap () returned 0x770000 [0222.902] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78f250 [0222.903] memcpy (in: _Dst=0x78f250, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f250) returned 0x78f250 [0222.903] memcpy (in: _Dst=0x78f298, _Src=0x787850, _Size=0x48 | out: _Dst=0x78f298) returned 0x78f298 [0222.903] GetProcessHeap () returned 0x770000 [0222.903] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.903] RegisterContext () returned 0x0 [0222.903] _wcsicmp (_String1="static", _String2="dynamic") returned 15 [0222.903] _wcsicmp (_String1="static", _String2="static") returned 0 [0222.903] memcpy (in: _Dst=0x78f298, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f298) returned 0x78f298 [0222.903] RegisterContext () returned 0x0 [0222.903] _wcsicmp (_String1="dynamic", _String2="dynamic") returned 0 [0222.903] memcpy (in: _Dst=0x78f250, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f250) returned 0x78f250 [0222.903] RegisterContext () returned 0x0 [0222.903] _wcsicmp (_String1="wfp", _String2="advfirewall") returned 22 [0222.903] _wcsicmp (_String1="wfp", _String2="bridge") returned 21 [0222.903] _wcsicmp (_String1="wfp", _String2="dhcpclient") returned 19 [0222.903] _wcsicmp (_String1="wfp", _String2="dnsclient") returned 19 [0222.903] _wcsicmp (_String1="wfp", _String2="firewall") returned 17 [0222.903] _wcsicmp (_String1="wfp", _String2="http") returned 15 [0222.903] _wcsicmp (_String1="wfp", _String2="interface") returned 14 [0222.904] _wcsicmp (_String1="wfp", _String2="ipsec") returned 14 [0222.904] _wcsicmp (_String1="wfp", _String2="lan") returned 11 [0222.904] _wcsicmp (_String1="wfp", _String2="namespace") returned 9 [0222.904] _wcsicmp (_String1="wfp", _String2="netio") returned 9 [0222.904] _wcsicmp (_String1="wfp", _String2="ras") returned 5 [0222.904] _wcsicmp (_String1="wfp", _String2="advfirewall") returned 22 [0222.904] _wcsicmp (_String1="wfp", _String2="bridge") returned 21 [0222.904] _wcsicmp (_String1="wfp", _String2="dhcpclient") returned 19 [0222.904] _wcsicmp (_String1="wfp", _String2="dnsclient") returned 19 [0222.904] _wcsicmp (_String1="wfp", _String2="firewall") returned 17 [0222.904] _wcsicmp (_String1="wfp", _String2="http") returned 15 [0222.904] _wcsicmp (_String1="wfp", _String2="interface") returned 14 [0222.904] _wcsicmp (_String1="wfp", _String2="ipsec") returned 14 [0222.904] _wcsicmp (_String1="wfp", _String2="lan") returned 11 [0222.904] _wcsicmp (_String1="wfp", _String2="namespace") returned 9 [0222.904] _wcsicmp (_String1="wfp", _String2="netio") returned 9 [0222.904] _wcsicmp (_String1="wfp", _String2="ras") returned 5 [0222.904] GetProcessHeap () returned 0x770000 [0222.904] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3a8) returned 0x7994b8 [0222.904] memcpy (in: _Dst=0x7994b8, _Src=0x7a1b68, _Size=0x360 | out: _Dst=0x7994b8) returned 0x7994b8 [0222.904] memcpy (in: _Dst=0x799818, _Src=0x187860, _Size=0x48 | out: _Dst=0x799818) returned 0x799818 [0222.904] GetProcessHeap () returned 0x770000 [0222.905] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7a1b68) returned 1 [0222.906] RegisterContext () returned 0x0 [0222.906] _wcsicmp (_String1="p2p", _String2="advfirewall") returned 15 [0222.906] _wcsicmp (_String1="p2p", _String2="bridge") returned 14 [0222.906] _wcsicmp (_String1="p2p", _String2="dhcpclient") returned 12 [0222.906] _wcsicmp (_String1="p2p", _String2="dnsclient") returned 12 [0222.906] _wcsicmp (_String1="p2p", _String2="firewall") returned 10 [0222.906] _wcsicmp (_String1="p2p", _String2="http") returned 8 [0222.906] _wcsicmp (_String1="p2p", _String2="interface") returned 7 [0222.906] _wcsicmp (_String1="p2p", _String2="ipsec") returned 7 [0222.906] _wcsicmp (_String1="p2p", _String2="lan") returned 4 [0222.906] _wcsicmp (_String1="p2p", _String2="namespace") returned 2 [0222.907] _wcsicmp (_String1="p2p", _String2="netio") returned 2 [0222.907] _wcsicmp (_String1="p2p", _String2="ras") returned -2 [0222.907] _wcsicmp (_String1="p2p", _String2="wfp") returned -7 [0222.907] _wcsicmp (_String1="p2p", _String2="advfirewall") returned 15 [0222.907] _wcsicmp (_String1="p2p", _String2="bridge") returned 14 [0222.907] _wcsicmp (_String1="p2p", _String2="dhcpclient") returned 12 [0222.907] _wcsicmp (_String1="p2p", _String2="dnsclient") returned 12 [0222.907] _wcsicmp (_String1="p2p", _String2="firewall") returned 10 [0222.907] _wcsicmp (_String1="p2p", _String2="http") returned 8 [0222.907] _wcsicmp (_String1="p2p", _String2="interface") returned 7 [0222.907] _wcsicmp (_String1="p2p", _String2="ipsec") returned 7 [0222.907] _wcsicmp (_String1="p2p", _String2="lan") returned 4 [0222.907] _wcsicmp (_String1="p2p", _String2="namespace") returned 2 [0222.907] _wcsicmp (_String1="p2p", _String2="netio") returned 2 [0222.907] _wcsicmp (_String1="p2p", _String2="ras") returned -2 [0222.907] GetProcessHeap () returned 0x770000 [0222.907] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3f0) returned 0x799868 [0222.907] memcpy (in: _Dst=0x799868, _Src=0x7994b8, _Size=0x318 | out: _Dst=0x799868) returned 0x799868 [0222.907] memcpy (in: _Dst=0x799b80, _Src=0x1876e0, _Size=0x48 | out: _Dst=0x799b80) returned 0x799b80 [0222.907] memcpy (in: _Dst=0x799bc8, _Src=0x7997d0, _Size=0x90 | out: _Dst=0x799bc8) returned 0x799bc8 [0222.907] GetProcessHeap () returned 0x770000 [0222.908] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7994b8) returned 1 [0222.908] RegisterContext () returned 0x0 [0222.908] GetProcessHeap () returned 0x770000 [0222.908] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.908] memcpy (in: _Dst=0x787850, _Src=0x187870, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.908] GetProcessHeap () returned 0x770000 [0222.908] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.917] RegisterContext () returned 0x0 [0222.917] _wcsicmp (_String1="group", _String2="pnrp") returned -9 [0222.917] _wcsicmp (_String1="group", _String2="pnrp") returned -9 [0222.917] GetProcessHeap () returned 0x770000 [0222.917] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78f088 [0222.917] memcpy (in: _Dst=0x78f088, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f088) returned 0x78f088 [0222.917] memcpy (in: _Dst=0x78f0d0, _Src=0x787850, _Size=0x48 | out: _Dst=0x78f0d0) returned 0x78f0d0 [0222.917] GetProcessHeap () returned 0x770000 [0222.918] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787850) returned 1 [0222.918] RegisterContext () returned 0x0 [0222.918] _wcsicmp (_String1="idmgr", _String2="group") returned 2 [0222.918] _wcsicmp (_String1="idmgr", _String2="pnrp") returned -7 [0222.918] _wcsicmp (_String1="idmgr", _String2="group") returned 2 [0222.918] _wcsicmp (_String1="idmgr", _String2="pnrp") returned -7 [0222.918] GetProcessHeap () returned 0x770000 [0222.918] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795150 [0222.918] memcpy (in: _Dst=0x795150, _Src=0x78f088, _Size=0x48 | out: _Dst=0x795150) returned 0x795150 [0222.918] memcpy (in: _Dst=0x795198, _Src=0x187870, _Size=0x48 | out: _Dst=0x795198) returned 0x795198 [0222.918] memcpy (in: _Dst=0x7951e0, _Src=0x78f0d0, _Size=0x48 | out: _Dst=0x7951e0) returned 0x7951e0 [0222.918] GetProcessHeap () returned 0x770000 [0222.918] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f088) returned 1 [0222.918] RegisterContext () returned 0x0 [0222.918] GetProcessHeap () returned 0x770000 [0222.918] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787940 [0222.918] memcpy (in: _Dst=0x787940, _Src=0x187870, _Size=0x48 | out: _Dst=0x787940) returned 0x787940 [0222.918] GetProcessHeap () returned 0x770000 [0222.918] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.919] RegisterContext () returned 0x0 [0222.919] _wcsicmp (_String1="diagnostics", _String2="cloud") returned 1 [0222.919] _wcsicmp (_String1="diagnostics", _String2="cloud") returned 1 [0222.919] GetProcessHeap () returned 0x770000 [0222.919] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x90) returned 0x78f4b0 [0222.919] memcpy (in: _Dst=0x78f4b0, _Src=0x787940, _Size=0x48 | out: _Dst=0x78f4b0) returned 0x78f4b0 [0222.919] memcpy (in: _Dst=0x78f4f8, _Src=0x187870, _Size=0x48 | out: _Dst=0x78f4f8) returned 0x78f4f8 [0222.919] GetProcessHeap () returned 0x770000 [0222.919] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x787940) returned 1 [0222.919] RegisterContext () returned 0x0 [0222.919] _wcsicmp (_String1="peer", _String2="cloud") returned 13 [0222.919] _wcsicmp (_String1="peer", _String2="diagnostics") returned 12 [0222.919] _wcsicmp (_String1="peer", _String2="cloud") returned 13 [0222.920] _wcsicmp (_String1="peer", _String2="diagnostics") returned 12 [0222.920] GetProcessHeap () returned 0x770000 [0222.920] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd8) returned 0x795358 [0222.920] memcpy (in: _Dst=0x795358, _Src=0x78f4b0, _Size=0x90 | out: _Dst=0x795358) returned 0x795358 [0222.920] memcpy (in: _Dst=0x7953e8, _Src=0x187870, _Size=0x48 | out: _Dst=0x7953e8) returned 0x7953e8 [0222.920] GetProcessHeap () returned 0x770000 [0222.920] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x78f4b0) returned 1 [0222.920] RegisterContext () returned 0x0 [0222.920] GetProcessHeap () returned 0x770000 [0222.920] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787990 [0222.920] memcpy (in: _Dst=0x787990, _Src=0x187870, _Size=0x48 | out: _Dst=0x787990) returned 0x787990 [0222.920] GetProcessHeap () returned 0x770000 [0222.920] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.920] RegisterContext () returned 0x0 [0222.920] _wcsicmp (_String1="rpc", _String2="advfirewall") returned 17 [0222.920] _wcsicmp (_String1="rpc", _String2="bridge") returned 16 [0222.921] _wcsicmp (_String1="rpc", _String2="dhcpclient") returned 14 [0222.921] _wcsicmp (_String1="rpc", _String2="dnsclient") returned 14 [0222.921] _wcsicmp (_String1="rpc", _String2="firewall") returned 12 [0222.921] _wcsicmp (_String1="rpc", _String2="http") returned 10 [0222.921] _wcsicmp (_String1="rpc", _String2="interface") returned 9 [0222.921] _wcsicmp (_String1="rpc", _String2="ipsec") returned 9 [0222.921] _wcsicmp (_String1="rpc", _String2="lan") returned 6 [0222.921] _wcsicmp (_String1="rpc", _String2="namespace") returned 4 [0222.921] _wcsicmp (_String1="rpc", _String2="netio") returned 4 [0222.921] _wcsicmp (_String1="rpc", _String2="p2p") returned 2 [0222.921] _wcsicmp (_String1="rpc", _String2="ras") returned 15 [0222.921] _wcsicmp (_String1="rpc", _String2="wfp") returned -5 [0222.921] _wcsicmp (_String1="rpc", _String2="advfirewall") returned 17 [0222.921] _wcsicmp (_String1="rpc", _String2="bridge") returned 16 [0222.921] _wcsicmp (_String1="rpc", _String2="dhcpclient") returned 14 [0222.921] _wcsicmp (_String1="rpc", _String2="dnsclient") returned 14 [0222.921] _wcsicmp (_String1="rpc", _String2="firewall") returned 12 [0222.921] _wcsicmp (_String1="rpc", _String2="http") returned 10 [0222.921] _wcsicmp (_String1="rpc", _String2="interface") returned 9 [0222.921] _wcsicmp (_String1="rpc", _String2="ipsec") returned 9 [0222.921] _wcsicmp (_String1="rpc", _String2="lan") returned 6 [0222.921] _wcsicmp (_String1="rpc", _String2="namespace") returned 4 [0222.922] _wcsicmp (_String1="rpc", _String2="netio") returned 4 [0222.922] _wcsicmp (_String1="rpc", _String2="p2p") returned 2 [0222.922] _wcsicmp (_String1="rpc", _String2="ras") returned 15 [0222.922] _wcsicmp (_String1="rpc", _String2="wfp") returned -5 [0222.922] GetProcessHeap () returned 0x770000 [0222.922] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x438) returned 0x799c60 [0222.922] memcpy (in: _Dst=0x799c60, _Src=0x799868, _Size=0x3a8 | out: _Dst=0x799c60) returned 0x799c60 [0222.922] memcpy (in: _Dst=0x79a008, _Src=0x187878, _Size=0x48 | out: _Dst=0x79a008) returned 0x79a008 [0222.922] memcpy (in: _Dst=0x79a050, _Src=0x799c10, _Size=0x48 | out: _Dst=0x79a050) returned 0x79a050 [0222.922] GetProcessHeap () returned 0x770000 [0222.922] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x799868) returned 1 [0222.922] RegisterContext () returned 0x0 [0222.922] GetProcessHeap () returned 0x770000 [0222.922] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787850 [0222.922] memcpy (in: _Dst=0x787850, _Src=0x187878, _Size=0x48 | out: _Dst=0x787850) returned 0x787850 [0222.922] GetProcessHeap () returned 0x770000 [0222.922] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.923] RegisterContext () returned 0x0 [0222.923] _wcsicmp (_String1="winhttp", _String2="advfirewall") returned 22 [0222.923] _wcsicmp (_String1="winhttp", _String2="bridge") returned 21 [0222.923] _wcsicmp (_String1="winhttp", _String2="dhcpclient") returned 19 [0222.923] _wcsicmp (_String1="winhttp", _String2="dnsclient") returned 19 [0222.923] _wcsicmp (_String1="winhttp", _String2="firewall") returned 17 [0222.923] _wcsicmp (_String1="winhttp", _String2="http") returned 15 [0222.923] _wcsicmp (_String1="winhttp", _String2="interface") returned 14 [0222.923] _wcsicmp (_String1="winhttp", _String2="ipsec") returned 14 [0222.923] _wcsicmp (_String1="winhttp", _String2="lan") returned 11 [0222.923] _wcsicmp (_String1="winhttp", _String2="namespace") returned 9 [0222.923] _wcsicmp (_String1="winhttp", _String2="netio") returned 9 [0222.923] _wcsicmp (_String1="winhttp", _String2="p2p") returned 7 [0222.923] _wcsicmp (_String1="winhttp", _String2="ras") returned 5 [0222.923] _wcsicmp (_String1="winhttp", _String2="rpc") returned 5 [0222.923] _wcsicmp (_String1="winhttp", _String2="wfp") returned 3 [0222.923] _wcsicmp (_String1="winhttp", _String2="advfirewall") returned 22 [0222.923] _wcsicmp (_String1="winhttp", _String2="bridge") returned 21 [0222.923] _wcsicmp (_String1="winhttp", _String2="dhcpclient") returned 19 [0222.923] _wcsicmp (_String1="winhttp", _String2="dnsclient") returned 19 [0222.923] _wcsicmp (_String1="winhttp", _String2="firewall") returned 17 [0222.923] _wcsicmp (_String1="winhttp", _String2="http") returned 15 [0222.924] _wcsicmp (_String1="winhttp", _String2="interface") returned 14 [0222.924] _wcsicmp (_String1="winhttp", _String2="ipsec") returned 14 [0222.924] _wcsicmp (_String1="winhttp", _String2="lan") returned 11 [0222.924] _wcsicmp (_String1="winhttp", _String2="namespace") returned 9 [0222.924] _wcsicmp (_String1="winhttp", _String2="netio") returned 9 [0222.924] _wcsicmp (_String1="winhttp", _String2="p2p") returned 7 [0222.924] _wcsicmp (_String1="winhttp", _String2="ras") returned 5 [0222.924] _wcsicmp (_String1="winhttp", _String2="rpc") returned 5 [0222.924] _wcsicmp (_String1="winhttp", _String2="wfp") returned 3 [0222.924] GetProcessHeap () returned 0x770000 [0222.924] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x480) returned 0x7994b8 [0222.924] memcpy (in: _Dst=0x7994b8, _Src=0x799c60, _Size=0x438 | out: _Dst=0x7994b8) returned 0x7994b8 [0222.924] memcpy (in: _Dst=0x7998f0, _Src=0x187878, _Size=0x48 | out: _Dst=0x7998f0) returned 0x7998f0 [0222.924] GetProcessHeap () returned 0x770000 [0222.925] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x799c60) returned 1 [0222.936] RegisterContext () returned 0x0 [0222.936] _wcsicmp (_String1="wlan", _String2="advfirewall") returned 22 [0222.936] _wcsicmp (_String1="wlan", _String2="bridge") returned 21 [0222.936] _wcsicmp (_String1="wlan", _String2="dhcpclient") returned 19 [0222.936] _wcsicmp (_String1="wlan", _String2="dnsclient") returned 19 [0222.936] _wcsicmp (_String1="wlan", _String2="firewall") returned 17 [0222.936] _wcsicmp (_String1="wlan", _String2="http") returned 15 [0222.936] _wcsicmp (_String1="wlan", _String2="interface") returned 14 [0222.936] _wcsicmp (_String1="wlan", _String2="ipsec") returned 14 [0222.936] _wcsicmp (_String1="wlan", _String2="lan") returned 11 [0222.936] _wcsicmp (_String1="wlan", _String2="namespace") returned 9 [0222.937] _wcsicmp (_String1="wlan", _String2="netio") returned 9 [0222.937] _wcsicmp (_String1="wlan", _String2="p2p") returned 7 [0222.937] _wcsicmp (_String1="wlan", _String2="ras") returned 5 [0222.937] _wcsicmp (_String1="wlan", _String2="rpc") returned 5 [0222.937] _wcsicmp (_String1="wlan", _String2="wfp") returned 6 [0222.937] _wcsicmp (_String1="wlan", _String2="winhttp") returned 3 [0222.937] _wcsicmp (_String1="wlan", _String2="advfirewall") returned 22 [0222.937] _wcsicmp (_String1="wlan", _String2="bridge") returned 21 [0222.937] _wcsicmp (_String1="wlan", _String2="dhcpclient") returned 19 [0222.937] _wcsicmp (_String1="wlan", _String2="dnsclient") returned 19 [0222.937] _wcsicmp (_String1="wlan", _String2="firewall") returned 17 [0222.937] _wcsicmp (_String1="wlan", _String2="http") returned 15 [0222.937] _wcsicmp (_String1="wlan", _String2="interface") returned 14 [0222.937] _wcsicmp (_String1="wlan", _String2="ipsec") returned 14 [0222.937] _wcsicmp (_String1="wlan", _String2="lan") returned 11 [0222.937] _wcsicmp (_String1="wlan", _String2="namespace") returned 9 [0222.937] _wcsicmp (_String1="wlan", _String2="netio") returned 9 [0222.937] _wcsicmp (_String1="wlan", _String2="p2p") returned 7 [0222.937] _wcsicmp (_String1="wlan", _String2="ras") returned 5 [0222.937] _wcsicmp (_String1="wlan", _String2="rpc") returned 5 [0222.937] _wcsicmp (_String1="wlan", _String2="wfp") returned 6 [0222.937] _wcsicmp (_String1="wlan", _String2="winhttp") returned 3 [0222.937] GetProcessHeap () returned 0x770000 [0222.937] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x4c8) returned 0x799bc8 [0222.937] memcpy (in: _Dst=0x799bc8, _Src=0x7994b8, _Size=0x480 | out: _Dst=0x799bc8) returned 0x799bc8 [0222.937] memcpy (in: _Dst=0x79a048, _Src=0x187878, _Size=0x48 | out: _Dst=0x79a048) returned 0x79a048 [0222.937] GetProcessHeap () returned 0x770000 [0222.938] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7994b8) returned 1 [0222.938] RegisterContext () returned 0x0 [0222.938] _wcsicmp (_String1="winsock", _String2="advfirewall") returned 22 [0222.938] _wcsicmp (_String1="winsock", _String2="bridge") returned 21 [0222.938] _wcsicmp (_String1="winsock", _String2="dhcpclient") returned 19 [0222.938] _wcsicmp (_String1="winsock", _String2="dnsclient") returned 19 [0222.938] _wcsicmp (_String1="winsock", _String2="firewall") returned 17 [0222.938] _wcsicmp (_String1="winsock", _String2="http") returned 15 [0222.938] _wcsicmp (_String1="winsock", _String2="interface") returned 14 [0222.938] _wcsicmp (_String1="winsock", _String2="ipsec") returned 14 [0222.938] _wcsicmp (_String1="winsock", _String2="lan") returned 11 [0222.938] _wcsicmp (_String1="winsock", _String2="namespace") returned 9 [0222.938] _wcsicmp (_String1="winsock", _String2="netio") returned 9 [0222.938] _wcsicmp (_String1="winsock", _String2="p2p") returned 7 [0222.938] _wcsicmp (_String1="winsock", _String2="ras") returned 5 [0222.939] _wcsicmp (_String1="winsock", _String2="rpc") returned 5 [0222.939] _wcsicmp (_String1="winsock", _String2="wfp") returned 3 [0222.939] _wcsicmp (_String1="winsock", _String2="winhttp") returned 11 [0222.939] _wcsicmp (_String1="winsock", _String2="wlan") returned -3 [0222.939] _wcsicmp (_String1="winsock", _String2="advfirewall") returned 22 [0222.939] _wcsicmp (_String1="winsock", _String2="bridge") returned 21 [0222.939] _wcsicmp (_String1="winsock", _String2="dhcpclient") returned 19 [0222.939] _wcsicmp (_String1="winsock", _String2="dnsclient") returned 19 [0222.939] _wcsicmp (_String1="winsock", _String2="firewall") returned 17 [0222.939] _wcsicmp (_String1="winsock", _String2="http") returned 15 [0222.939] _wcsicmp (_String1="winsock", _String2="interface") returned 14 [0222.939] _wcsicmp (_String1="winsock", _String2="ipsec") returned 14 [0222.939] _wcsicmp (_String1="winsock", _String2="lan") returned 11 [0222.939] _wcsicmp (_String1="winsock", _String2="namespace") returned 9 [0222.939] _wcsicmp (_String1="winsock", _String2="netio") returned 9 [0222.939] _wcsicmp (_String1="winsock", _String2="p2p") returned 7 [0222.939] _wcsicmp (_String1="winsock", _String2="ras") returned 5 [0222.939] _wcsicmp (_String1="winsock", _String2="rpc") returned 5 [0222.939] _wcsicmp (_String1="winsock", _String2="wfp") returned 3 [0222.939] _wcsicmp (_String1="winsock", _String2="winhttp") returned 11 [0222.939] _wcsicmp (_String1="winsock", _String2="wlan") returned -3 [0222.939] GetProcessHeap () returned 0x770000 [0222.939] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x510) returned 0x79c128 [0222.939] memcpy (in: _Dst=0x79c128, _Src=0x799bc8, _Size=0x480 | out: _Dst=0x79c128) returned 0x79c128 [0222.939] memcpy (in: _Dst=0x79c5a8, _Src=0x187874, _Size=0x48 | out: _Dst=0x79c5a8) returned 0x79c5a8 [0222.939] memcpy (in: _Dst=0x79c5f0, _Src=0x79a048, _Size=0x48 | out: _Dst=0x79c5f0) returned 0x79c5f0 [0222.939] GetProcessHeap () returned 0x770000 [0222.940] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x799bc8) returned 1 [0222.984] RegisterContext () returned 0x0 [0222.984] _wcsicmp (_String1="branchcache", _String2="advfirewall") returned 1 [0222.984] _wcsicmp (_String1="branchcache", _String2="bridge") returned -8 [0222.984] _wcsicmp (_String1="branchcache", _String2="dhcpclient") returned -2 [0222.984] _wcsicmp (_String1="branchcache", _String2="dnsclient") returned -2 [0222.984] _wcsicmp (_String1="branchcache", _String2="firewall") returned -4 [0222.984] _wcsicmp (_String1="branchcache", _String2="http") returned -6 [0222.984] _wcsicmp (_String1="branchcache", _String2="interface") returned -7 [0222.984] _wcsicmp (_String1="branchcache", _String2="ipsec") returned -7 [0222.984] _wcsicmp (_String1="branchcache", _String2="lan") returned -10 [0222.984] _wcsicmp (_String1="branchcache", _String2="namespace") returned -12 [0222.984] _wcsicmp (_String1="branchcache", _String2="netio") returned -12 [0222.984] _wcsicmp (_String1="branchcache", _String2="p2p") returned -14 [0222.984] _wcsicmp (_String1="branchcache", _String2="ras") returned -16 [0222.984] _wcsicmp (_String1="branchcache", _String2="rpc") returned -16 [0222.984] _wcsicmp (_String1="branchcache", _String2="wfp") returned -21 [0222.984] _wcsicmp (_String1="branchcache", _String2="winhttp") returned -21 [0222.984] _wcsicmp (_String1="branchcache", _String2="winsock") returned -21 [0222.984] _wcsicmp (_String1="branchcache", _String2="wlan") returned -21 [0222.984] _wcsicmp (_String1="branchcache", _String2="advfirewall") returned 1 [0222.984] _wcsicmp (_String1="branchcache", _String2="bridge") returned -8 [0222.984] GetProcessHeap () returned 0x770000 [0222.985] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x558) returned 0x79c640 [0222.985] memcpy (in: _Dst=0x79c640, _Src=0x79c128, _Size=0x48 | out: _Dst=0x79c640) returned 0x79c640 [0222.985] memcpy (in: _Dst=0x79c688, _Src=0x187870, _Size=0x48 | out: _Dst=0x79c688) returned 0x79c688 [0222.985] memcpy (in: _Dst=0x79c6d0, _Src=0x79c170, _Size=0x4c8 | out: _Dst=0x79c6d0) returned 0x79c6d0 [0222.985] GetProcessHeap () returned 0x770000 [0222.985] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c128) returned 1 [0222.985] RegisterContext () returned 0x0 [0222.985] GetProcessHeap () returned 0x770000 [0222.985] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x48) returned 0x787940 [0222.985] memcpy (in: _Dst=0x787940, _Src=0x187870, _Size=0x48 | out: _Dst=0x787940) returned 0x787940 [0222.985] GetProcessHeap () returned 0x770000 [0222.985] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x0) returned 1 [0222.986] SetConsoleCtrlHandler (HandlerRoutine=0xcd82a0, Add=1) returned 1 [0222.986] SetThreadUILanguage (LangId=0x0) returned 0x409 [0222.986] _wcsicmp (_String1="firewall", _String2="-?") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="-h") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="?") returned 39 [0222.986] _wcsicmp (_String1="firewall", _String2="/?") returned 55 [0222.986] _wcsicmp (_String1="firewall", _String2="-v") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="-a") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="-c") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="-f") returned 57 [0222.986] _wcsicmp (_String1="firewall", _String2="-r") returned 57 [0222.987] _wcsicmp (_String1="firewall", _String2="-u") returned 57 [0222.987] _wcsicmp (_String1="firewall", _String2="-p") returned 57 [0222.987] GetVersionExW (in: lpVersionInformation=0x1877ec*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1877ec*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0222.987] _vsnwprintf (in: _Buffer=0xce3780, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x1877d8 | out: _Buffer="10.0.10586") returned 10 [0222.987] _vsnwprintf (in: _Buffer=0xce3990, _BufferCount=0x103, _Format="%d", _ArgList=0x1877c8 | out: _Buffer="10586") returned 5 [0222.987] _vsnwprintf (in: _Buffer=0xce3ba0, _BufferCount=0x103, _Format="%d", _ArgList=0x1877b8 | out: _Buffer="0") returned 1 [0222.987] _vsnwprintf (in: _Buffer=0xce3db0, _BufferCount=0x103, _Format="%d", _ArgList=0x1877a8 | out: _Buffer="0") returned 1 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794e58 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794e70 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f78 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f18 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f30 [0222.987] wcscpy_s (in: _Destination=0x794f30, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f78) returned 1 [0222.987] GetProcessHeap () returned 0x770000 [0222.987] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794e70) returned 1 [0222.987] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794e70 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f48 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc4) returned 0x79acb0 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f60 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797c68 [0222.988] wcscpy_s (in: _Destination=0x797c68, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f78 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x788590 [0222.988] wcscpy_s (in: _Destination=0x788590, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f00 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1e) returned 0x7938b0 [0222.988] wcscpy_s (in: _Destination=0x7938b0, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794f90 [0222.988] GetProcessHeap () returned 0x770000 [0222.988] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x68) returned 0x789eb0 [0222.988] wcscpy_s (in: _Destination=0x789eb0, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794ed0 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x797ae8 [0222.989] wcscpy_s (in: _Destination=0x797ae8, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x794ee8 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xe) returned 0x79c3b0 [0222.989] wcscpy_s (in: _Destination=0x79c3b0, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79acb0) returned 1 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f48) returned 1 [0222.989] GetProcessHeap () returned 0x770000 [0222.989] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c440 [0222.989] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797988 [0222.990] wcscpy_s (in: _Destination=0x797988, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797c68) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f60) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c368 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797a68 [0222.990] wcscpy_s (in: _Destination=0x797a68, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797988) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c440) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c248 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7885b0 [0222.990] wcscpy_s (in: _Destination=0x7885b0, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788590) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f78) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c2d8 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1e) returned 0x793a18 [0222.990] wcscpy_s (in: _Destination=0x793a18, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0222.990] GetProcessHeap () returned 0x770000 [0222.990] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7938b0) returned 1 [0222.990] GetProcessHeap () returned 0x770000 [0222.991] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f00) returned 1 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c290 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x68) returned 0x799ca0 [0222.991] wcscpy_s (in: _Destination=0x799ca0, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x789eb0) returned 1 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f90) returned 1 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c380 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x7979a8 [0222.991] wcscpy_s (in: _Destination=0x7979a8, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0222.991] GetProcessHeap () returned 0x770000 [0222.991] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797ae8) returned 1 [0222.991] GetProcessHeap () returned 0x770000 [0222.992] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794ed0) returned 1 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c338 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xe) returned 0x79c308 [0222.992] wcscpy_s (in: _Destination=0x79c308, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c3b0) returned 1 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794ee8) returned 1 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1c) returned 0x793720 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c230 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797c08 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x788450 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1e) returned 0x7939c8 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x68) returned 0x789eb0 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x797ba8 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xe) returned 0x79c1b8 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c410 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c410, Size=0xe) returned 0x79c398 [0222.992] GetProcessHeap () returned 0x770000 [0222.992] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c398, Size=0x1e) returned 0x793810 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x793810, Size=0x20) returned 0x793b30 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x793b30, Size=0x26) returned 0x798988 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x798988, Size=0x28) returned 0x798a78 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x798a78, Size=0x44) returned 0x7879e0 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x7879e0, Size=0x46) returned 0x787a30 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x787a30, Size=0xac) returned 0x79c530 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c530, Size=0xae) returned 0x79c530 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c530, Size=0xc2) returned 0x79c530 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c530, Size=0xc4) returned 0x79c530 [0222.993] GetProcessHeap () returned 0x770000 [0222.993] RtlReAllocateHeap (Heap=0x770000, Flags=0x0, Ptr=0x79c530, Size=0xd0) returned 0x79c530 [0222.993] GetProcessHeap () returned 0x770000 [0222.994] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c530) returned 1 [0222.994] lstrcmpiW (lpString1="netsh", lpString2="namespace") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="branchcache") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="advfirewall") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="firewall") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="interface") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="dhcp") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="dnsclient") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="routing") returned -1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="ip") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="ipv6") returned 1 [0222.995] lstrcmpiW (lpString1="netsh", lpString2="aaaa") returned 1 [0222.996] lstrcmpiW (lpString1="netsh", lpString2="ras") returned -1 [0222.996] _wcsnicmp (_String1="firewall", _String2="dump", _MaxCount=0x8) returned 2 [0222.996] _wcsnicmp (_String1="firewall", _String2="help", _MaxCount=0x8) returned -2 [0222.996] _wcsnicmp (_String1="firewall", _String2="?", _MaxCount=0x8) returned 39 [0222.996] _wcsnicmp (_String1="firewall", _String2="exec", _MaxCount=0x8) returned 1 [0222.996] _wcsnicmp (_String1="firewall", _String2="advfirew", _MaxCount=0x8) returned 5 [0222.996] _wcsnicmp (_String1="firewall", _String2="branchca", _MaxCount=0x8) returned 4 [0222.996] _wcsnicmp (_String1="firewall", _String2="bridge", _MaxCount=0x8) returned 4 [0222.996] _wcsnicmp (_String1="firewall", _String2="dhcpclie", _MaxCount=0x8) returned 2 [0222.996] _wcsnicmp (_String1="firewall", _String2="dnsclien", _MaxCount=0x8) returned 2 [0222.996] _wcsnicmp (_String1="firewall", _String2="firewall", _MaxCount=0x8) returned 0 [0222.996] lstrcmpiW (lpString1="firewall", lpString2="namespace") returned -1 [0222.996] lstrcmpiW (lpString1="firewall", lpString2="branchcache") returned 1 [0222.996] lstrcmpiW (lpString1="firewall", lpString2="advfirewall") returned 1 [0222.997] lstrcmpiW (lpString1="firewall", lpString2="firewall") returned 0 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c2c0 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c278 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xd0) returned 0x79ccd0 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c3c8 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c410 [0222.997] wcscpy_s (in: _Destination=0x79c410, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c158 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797a28 [0222.997] wcscpy_s (in: _Destination=0x797a28, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c428 [0222.997] GetProcessHeap () returned 0x770000 [0222.997] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x8) returned 0x7885f0 [0222.997] wcscpy_s (in: _Destination=0x7885f0, _SizeInWords=0x4, _Source="add" | out: _Destination="add") returned 0x0 [0222.997] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c398 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x1e) returned 0x793ab8 [0222.998] wcscpy_s (in: _Destination=0x793ab8, _SizeInWords=0xf, _Source="allowedprogram" | out: _Destination="allowedprogram") returned 0x0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c1a0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x68) returned 0x79c530 [0222.998] wcscpy_s (in: _Destination=0x79c530, _SizeInWords=0x34, _Source="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\server.exe") returned 0x0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c3b0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x16) returned 0x797988 [0222.998] wcscpy_s (in: _Destination=0x797988, _SizeInWords=0xb, _Source="server.exe" | out: _Destination="server.exe") returned 0x0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xc) returned 0x79c3e0 [0222.998] GetProcessHeap () returned 0x770000 [0222.998] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xe) returned 0x79c440 [0222.998] wcscpy_s (in: _Destination=0x79c440, _SizeInWords=0x7, _Source="ENABLE" | out: _Destination="ENABLE") returned 0x0 [0222.998] GetProcessHeap () returned 0x770000 [0222.999] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79ccd0) returned 1 [0222.999] GetProcessHeap () returned 0x770000 [0222.999] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c278) returned 1 [0222.999] GetProcessHeap () returned 0x770000 [0222.999] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797a28) returned 1 [0222.999] GetProcessHeap () returned 0x770000 [0222.999] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x12) returned 0x797c48 [0222.999] lstrcmpiW (lpString1="firewall", lpString2="routing") returned -1 [0222.999] lstrcmpiW (lpString1="firewall", lpString2="ip") returned -1 [0222.999] lstrcmpiW (lpString1="firewall", lpString2="ipv6") returned -1 [0222.999] lstrcmpiW (lpString1="firewall", lpString2="aaaa") returned 1 [0222.999] lstrcmpiW (lpString1="firewall", lpString2="ras") returned -1 [0222.999] _wcsnicmp (_String1="add", _String2="dum", _MaxCount=0x3) returned -3 [0222.999] _wcsnicmp (_String1="add", _String2="hel", _MaxCount=0x3) returned -7 [0222.999] _wcsnicmp (_String1="add", _String2="?", _MaxCount=0x3) returned 34 [0223.000] _wcsnicmp (_String1="add", _String2="res", _MaxCount=0x3) returned -17 [0223.000] _wcsnicmp (_String1="add", _String2="add", _MaxCount=0x3) returned 0 [0223.000] _wcsnicmp (_String1="allowedprogram", _String2="help", _MaxCount=0xe) returned -7 [0223.000] _wcsnicmp (_String1="allowedprogram", _String2="?", _MaxCount=0xe) returned 34 [0223.000] wcstok (in: _String="allowedprogram", _Delimiter=" ", _Context=0x79c7a8 | out: _String="allowedprogram", _Context=0x79c7a8) returned="allowedprogram" [0223.000] _wcsnicmp (_String1="allowedprogram", _String2="allowedprogram", _MaxCount=0xe) returned 0 [0223.000] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x79c7a8 | out: _String=0x0, _Context=0x79c7a8) returned 0x0 [0223.000] lstrcmpiW (lpString1="firewall", lpString2="netsh") returned -1 [0223.000] WinSqmAddToStream () returned 0x2487 [0223.000] MatchEnumTag () returned 0x0 [0223.000] _wcsnicmp (_String1="ENABLE", _String2="enable", _MaxCount=0x6) returned 0 [0223.345] PrintError () returned 0x131 [0223.345] LoadStringW (in: hInstance=0x73c20000, uID=0x119a, lpBuffer=0x17f700, cchBufferMax=16384 | out: lpBuffer="\nIMPORTANT: Command executed successfully.\nHowever, \"netsh firewall\" is deprecated;\nuse \"netsh advfirewall firewall\" instead.\nFor more information on using \"netsh advfirewall firewall\" commands\ninstead of \"netsh firewall\", see KB article 947709\nat http://go.microsoft.com/fwlink/?linkid=121488 .\n\n") returned 0x129 [0223.346] FormatMessageW (in: dwFlags=0x500, lpSource=0x17f700, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x17f6fc, nSize=0x0, Arguments=0x17f6f8 | out: lpBuffer="㜠\x83\nIMPORTANT: Command executed successfully.\nHowever, \"netsh firewall\" is deprecated;\nuse \"netsh advfirewall firewall\" instead.\nFor more information on using \"netsh advfirewall firewall\" commands\ninstead of \"netsh firewall\", see KB article 947709\nat http://go.microsoft.com/fwlink/?linkid=121488 .\n\n") returned 0x131 [0223.347] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0223.347] GetConsoleOutputCP () returned 0x1b5 [0223.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 306 [0223.347] GetProcessHeap () returned 0x770000 [0223.347] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x132) returned 0x84cb08 [0223.347] GetConsoleOutputCP () returned 0x1b5 [0223.347] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x84cb08, cbMultiByte=306, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nIMPORTANT: Command executed successfully.\r\nHowever, \"netsh firewall\" is deprecated;\r\nuse \"netsh advfirewall firewall\" instead.\r\nFor more information on using \"netsh advfirewall firewall\" commands\r\ninstead of \"netsh firewall\", see KB article 947709\r\nat http://go.microsoft.com/fwlink/?linkid=121488 .\r\n\r\n", lpUsedDefaultChar=0x0) returned 306 [0223.347] WriteFile (in: hFile=0x3c, lpBuffer=0x84cb08*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x17f6dc, lpOverlapped=0x0 | out: lpBuffer=0x84cb08*, lpNumberOfBytesWritten=0x17f6dc*=0x131, lpOverlapped=0x0) returned 1 [0223.372] GetProcessHeap () returned 0x770000 [0223.373] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x84cb08) returned 1 [0223.373] LocalFree (hMem=0x833720) returned 0x0 [0223.373] LoadStringW (in: hInstance=0x0, uID=0x2, lpBuffer=0x17f7b4, cchBufferMax=16384 | out: lpBuffer="Ok.\n") returned 0x4 [0223.373] FormatMessageW (in: dwFlags=0x500, lpSource=0x17f7b4, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x17f798, nSize=0x0, Arguments=0x17f7b0 | out: lpBuffer="ⴸx瞼\x18腣Íꇠ珂㪧") returned 0x5 [0223.373] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0223.373] GetConsoleOutputCP () returned 0x1b5 [0223.373] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0223.373] GetProcessHeap () returned 0x770000 [0223.373] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x6) returned 0x788590 [0223.373] GetConsoleOutputCP () returned 0x1b5 [0223.374] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Ok.\r\n", cchWideChar=-1, lpMultiByteStr=0x788590, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ok.\r\n", lpUsedDefaultChar=0x0) returned 6 [0223.374] WriteFile (in: hFile=0x3c, lpBuffer=0x788590*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x17f784, lpOverlapped=0x0 | out: lpBuffer=0x788590*, lpNumberOfBytesWritten=0x17f784*=0x5, lpOverlapped=0x0) returned 1 [0223.374] GetProcessHeap () returned 0x770000 [0223.374] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788590) returned 1 [0223.374] LocalFree (hMem=0x782d38) returned 0x0 [0223.374] FormatMessageW (in: dwFlags=0x500, lpSource=0xcd1244, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x1877b0, nSize=0x0, Arguments=0x1877bc | out: lpBuffer="仨y矀\x18胐Í矌\x18矤\x18寯ÍቄÍ잨y") returned 0x2 [0223.375] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0223.375] GetConsoleOutputCP () returned 0x1b5 [0223.375] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0223.375] GetProcessHeap () returned 0x770000 [0223.375] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x3) returned 0x788430 [0223.375] GetConsoleOutputCP () returned 0x1b5 [0223.376] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x788430, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0223.376] WriteFile (in: hFile=0x3c, lpBuffer=0x788430*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18779c, lpOverlapped=0x0 | out: lpBuffer=0x788430*, lpNumberOfBytesWritten=0x18779c*=0x2, lpOverlapped=0x0) returned 1 [0223.376] GetProcessHeap () returned 0x770000 [0223.376] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788430) returned 1 [0223.376] LocalFree (hMem=0x794ee8) returned 0x0 [0223.376] GetProcessHeap () returned 0x770000 [0223.376] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c230) returned 1 [0223.376] GetProcessHeap () returned 0x770000 [0223.376] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797c08) returned 1 [0223.376] GetProcessHeap () returned 0x770000 [0223.376] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x788450) returned 1 [0223.376] GetProcessHeap () returned 0x770000 [0223.376] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7939c8) returned 1 [0223.376] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x789eb0) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797ba8) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c1b8) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x793720) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x797a68) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c368) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7885b0) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c248) returned 1 [0223.377] GetProcessHeap () returned 0x770000 [0223.377] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x793a18) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c2d8) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x799ca0) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c290) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7979a8) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c380) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c308) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79c338) returned 1 [0223.378] GetProcessHeap () returned 0x770000 [0223.378] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794e70) returned 1 [0223.379] GetProcessHeap () returned 0x770000 [0223.379] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f30) returned 1 [0223.379] GetProcessHeap () returned 0x770000 [0223.379] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794f18) returned 1 [0223.379] GetProcessHeap () returned 0x770000 [0223.379] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794e58) returned 1 [0223.407] GetProcessHeap () returned 0x770000 [0223.408] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x79cdd8) returned 1 [0223.408] FreeLibrary (hLibModule=0xcd0000) returned 1 [0223.408] FreeLibrary (hLibModule=0x74630000) returned 1 [0223.409] FreeLibrary (hLibModule=0x745b0000) returned 1 [0223.489] free (_Block=0x9a3ca8) [0223.490] LocalFree (hMem=0x785300) returned 0x0 [0223.491] LocalFree (hMem=0x785480) returned 0x0 [0223.491] LocalFree (hMem=0x7824c0) returned 0x0 [0223.491] LocalFree (hMem=0x781e68) returned 0x0 [0223.491] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x794fa8 [0223.491] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x794d50 [0223.491] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x794dc8 [0223.491] free (_Block=0x9a1198) [0223.491] free (_Block=0x0) [0223.491] free (_Block=0x9a1180) [0223.491] free (_Block=0x9a3c40) [0223.491] free (_Block=0x9a3c88) [0223.491] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x796e48 [0223.496] LocalFree (hMem=0x796e48) returned 0x0 [0223.497] LocalFree (hMem=0x785510) returned 0x0 [0223.497] LocalFree (hMem=0x794fa8) returned 0x0 [0223.498] free (_Block=0x9a3b38) [0223.499] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x777c0000 [0223.499] FreeLibrary (hLibModule=0x777c0000) returned 1 [0223.499] LocalFree (hMem=0x794dc8) returned 0x0 [0223.499] LocalFree (hMem=0x794d50) returned 0x0 [0223.499] GlobalHandle (pMem=0x7851f0) returned 0x6a0004 [0223.499] GlobalUnlock (hMem=0x6a0004) returned 0 [0223.511] FreeLibrary (hLibModule=0x72e40000) returned 1 [0223.513] FreeLibrary (hLibModule=0x73c30000) returned 1 [0223.515] FreeLibrary (hLibModule=0x72de0000) returned 1 [0223.525] FreeLibrary (hLibModule=0x73c20000) returned 1 [0223.526] FreeLibrary (hLibModule=0x72f00000) returned 1 [0223.552] FreeLibrary (hLibModule=0x72ca0000) returned 1 [0223.555] FreeLibrary (hLibModule=0x72bf0000) returned 1 [0223.556] FreeLibrary (hLibModule=0x72110000) returned 1 [0223.588] FreeLibrary (hLibModule=0x71f60000) returned 1 [0223.591] FreeLibrary (hLibModule=0x71ef0000) returned 1 [0223.602] FreeLibrary (hLibModule=0x72bd0000) returned 1 [0223.604] FreeLibrary (hLibModule=0x71eb0000) returned 1 [0223.608] FreeLibrary (hLibModule=0x71dd0000) returned 1 [0223.623] FreeLibrary (hLibModule=0x71cf0000) returned 1 [0223.638] FreeLibrary (hLibModule=0x71bf0000) returned 1 [0223.684] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x794a30) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x770598) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776ce0) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x777340) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776f78) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776f88) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d40) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d50) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d60) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d70) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d80) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.685] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776d90) returned 1 [0223.685] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776da0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776970) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776980) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x776990) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ed0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f40) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ef0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f00) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ec0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778fd0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e70) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ea0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778eb0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ee0) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e90) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e80) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.686] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f10) returned 1 [0223.686] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f20) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f30) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f90) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f80) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778fb0) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778fe0) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f50) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f60) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778ff0) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e60) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778f70) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778fa0) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778fc0) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779000) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e30) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e40) returned 1 [0223.687] GetProcessHeap () returned 0x770000 [0223.687] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x778e50) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779260) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779280) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779270) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792b0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793e0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779390) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792e0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792c0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779290) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792d0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779240) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779360) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793a0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779330) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779310) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779370) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.688] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793b0) returned 1 [0223.688] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779350) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779250) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779400) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779340) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779380) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793c0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793d0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7793f0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792f0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7792a0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779300) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779320) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779070) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779180) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790d0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779050) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.689] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791d0) returned 1 [0223.689] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790f0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779040) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790a0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790e0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779100) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779060) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791e0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791f0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779230) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779080) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779220) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779090) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779200) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779190) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790b0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791a0) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.690] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779170) returned 1 [0223.690] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7790c0) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791b0) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7791c0) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779210) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779150) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779110) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779160) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779120) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779130) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779140) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779508) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795b8) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794f8) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779608) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779568) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794b8) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779468) returned 1 [0223.691] GetProcessHeap () returned 0x770000 [0223.691] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779618) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779588) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779638) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779548) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779518) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779498) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794c8) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779448) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779478) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779488) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794a8) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779628) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779458) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795c8) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794d8) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7794e8) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779528) returned 1 [0223.692] GetProcessHeap () returned 0x770000 [0223.692] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779578) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795d8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795a8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779538) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779598) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779558) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795e8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7795f8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797e8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779708) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797c8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796d8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796e8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796b8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797d8) returned 1 [0223.693] GetProcessHeap () returned 0x770000 [0223.693] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779718) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796f8) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797f8) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779798) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779808) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779728) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797a8) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779738) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779748) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779778) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779658) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779688) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796a8) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779788) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779758) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779768) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7797b8) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779668) returned 1 [0223.694] GetProcessHeap () returned 0x770000 [0223.694] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7796c8) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779648) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779678) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779698) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b40) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779a50) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779c00) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b10) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779bb0) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779aa0) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b70) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779ab0) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779bd0) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779af0) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b90) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779c10) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b60) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779a90) returned 1 [0223.695] GetProcessHeap () returned 0x770000 [0223.695] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779a70) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b50) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b00) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779ac0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779bc0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b30) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779bf0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b80) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779ba0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779a60) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779be0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779a80) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779ad0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779ae0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779b20) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7798a0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779890) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.696] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7798d0) returned 1 [0223.696] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7798e0) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7798b0) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7799e0) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779900) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779950) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779910) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779990) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779980) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779920) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7798f0) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x7799a0) returned 1 [0223.697] GetProcessHeap () returned 0x770000 [0223.697] RtlFreeHeap (HeapHandle=0x770000, Flags=0x0, BaseAddress=0x779870) returned 1 [0223.697] exit (_Code=0) Thread: id = 43 os_tid = 0x57c Thread: id = 44 os_tid = 0x7b8 [0223.402] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x794fa8 [0223.402] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x794ca8 [0223.402] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x794cf0 [0223.402] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x796c08 [0223.402] LocalReAlloc (hMem=0x794cf0, uBytes=0x10, uFlags=0x2) returned 0x782d38 [0223.403] LocalFree (hMem=0x794fa8) returned 0x0 [0223.404] LocalFree (hMem=0x796c08) returned 0x0 [0223.404] LocalFree (hMem=0x782d38) returned 0x0 [0223.404] LocalFree (hMem=0x794ca8) returned 0x0 Thread: id = 45 os_tid = 0x338 Process: id = "8" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x49c000" os_pid = "0x5e0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x804" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f23a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1583 start_va = 0x33200000 end_va = 0x333fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033200000" filename = "" Region: id = 1584 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1585 start_va = 0x1ef3170000 end_va = 0x1ef31affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef3170000" filename = "" Region: id = 1586 start_va = 0x1ef3200000 end_va = 0x1ef33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef3200000" filename = "" Region: id = 1587 start_va = 0x13669930000 end_va = 0x1366994ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669930000" filename = "" Region: id = 1588 start_va = 0x13669950000 end_va = 0x13669964fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669950000" filename = "" Region: id = 1589 start_va = 0x7df5ff040000 end_va = 0x7ff5ff03ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff040000" filename = "" Region: id = 1590 start_va = 0x7ff7020c0000 end_va = 0x7ff7020e2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7020c0000" filename = "" Region: id = 1591 start_va = 0x7ff702ec0000 end_va = 0x7ff702ed0fff monitored = 0 entry_point = 0x7ff702ec16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1592 start_va = 0x7ffa34c50000 end_va = 0x7ffa34e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1593 start_va = 0x13669970000 end_va = 0x13669bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669970000" filename = "" Region: id = 1594 start_va = 0x7ffa33620000 end_va = 0x7ffa336ccfff monitored = 0 entry_point = 0x7ffa336381a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1595 start_va = 0x7ffa31b70000 end_va = 0x7ffa31d57fff monitored = 0 entry_point = 0x7ffa31b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1596 start_va = 0x13669930000 end_va = 0x1366993ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669930000" filename = "" Region: id = 1597 start_va = 0x7ff701fc0000 end_va = 0x7ff7020bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff701fc0000" filename = "" Region: id = 1598 start_va = 0x13669970000 end_va = 0x13669a2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1599 start_va = 0x13669b00000 end_va = 0x13669bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669b00000" filename = "" Region: id = 1600 start_va = 0x7ffa33f40000 end_va = 0x7ffa33fdcfff monitored = 0 entry_point = 0x7ffa33f478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1601 start_va = 0x1ef31b0000 end_va = 0x1ef31effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef31b0000" filename = "" Region: id = 1602 start_va = 0x13669940000 end_va = 0x1366994ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669940000" filename = "" Region: id = 1603 start_va = 0x13669a30000 end_va = 0x13669a36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669a30000" filename = "" Region: id = 1604 start_va = 0x7ffa1e570000 end_va = 0x7ffa1e5c8fff monitored = 0 entry_point = 0x7ffa1e57fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 1605 start_va = 0x13669a40000 end_va = 0x13669a40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669a40000" filename = "" Region: id = 1606 start_va = 0x7ffa33cc0000 end_va = 0x7ffa33f3cfff monitored = 0 entry_point = 0x7ffa33d94970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1607 start_va = 0x7ffa34140000 end_va = 0x7ffa3425bfff monitored = 0 entry_point = 0x7ffa341802b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1608 start_va = 0x7ffa319b0000 end_va = 0x7ffa31a19fff monitored = 0 entry_point = 0x7ffa319e6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1609 start_va = 0x7ffa34720000 end_va = 0x7ffa34875fff monitored = 0 entry_point = 0x7ffa3472a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1610 start_va = 0x7ffa349d0000 end_va = 0x7ffa34b55fff monitored = 0 entry_point = 0x7ffa34a1ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1611 start_va = 0x13669a50000 end_va = 0x13669a56fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669a50000" filename = "" Region: id = 1612 start_va = 0x7ffa338b0000 end_va = 0x7ffa339f2fff monitored = 0 entry_point = 0x7ffa338d8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1613 start_va = 0x7ffa34690000 end_va = 0x7ffa346eafff monitored = 0 entry_point = 0x7ffa346a38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1614 start_va = 0x7ffa34b60000 end_va = 0x7ffa34b9afff monitored = 0 entry_point = 0x7ffa34b612f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1615 start_va = 0x7ffa34900000 end_va = 0x7ffa349c0fff monitored = 0 entry_point = 0x7ffa34920da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1616 start_va = 0x7ffa2f790000 end_va = 0x7ffa2f915fff monitored = 0 entry_point = 0x7ffa2f7dd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1617 start_va = 0x13669a60000 end_va = 0x13669a60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669a60000" filename = "" Region: id = 1618 start_va = 0x13669a70000 end_va = 0x13669a70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669a70000" filename = "" Region: id = 1619 start_va = 0x13669c00000 end_va = 0x13669d87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669c00000" filename = "" Region: id = 1620 start_va = 0x13669d90000 end_va = 0x13669f10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669d90000" filename = "" Region: id = 1621 start_va = 0x13669f20000 end_va = 0x1366b31ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669f20000" filename = "" Region: id = 1622 start_va = 0x1366b320000 end_va = 0x1366b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b320000" filename = "" Region: id = 1623 start_va = 0x1ef3400000 end_va = 0x1ef343ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef3400000" filename = "" Region: id = 1624 start_va = 0x7ffa32050000 end_va = 0x7ffa335aefff monitored = 0 entry_point = 0x7ffa321b11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1625 start_va = 0x7ffa31f50000 end_va = 0x7ffa31f92fff monitored = 0 entry_point = 0x7ffa31f64b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1626 start_va = 0x7ffa31360000 end_va = 0x7ffa319a3fff monitored = 0 entry_point = 0x7ffa315264b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1627 start_va = 0x7ffa33a00000 end_va = 0x7ffa33aa6fff monitored = 0 entry_point = 0x7ffa33a158d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1628 start_va = 0x7ffa348a0000 end_va = 0x7ffa348f1fff monitored = 0 entry_point = 0x7ffa348af530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1629 start_va = 0x7ffa312f0000 end_va = 0x7ffa312fefff monitored = 0 entry_point = 0x7ffa312f3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1630 start_va = 0x7ffa31a20000 end_va = 0x7ffa31ad4fff monitored = 0 entry_point = 0x7ffa31a622e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1631 start_va = 0x7ffa31270000 end_va = 0x7ffa312bafff monitored = 0 entry_point = 0x7ffa312735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1632 start_va = 0x7ffa312d0000 end_va = 0x7ffa312e3fff monitored = 0 entry_point = 0x7ffa312d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1633 start_va = 0x7ffa2fbf0000 end_va = 0x7ffa2fc85fff monitored = 0 entry_point = 0x7ffa2fc15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1634 start_va = 0x1366b400000 end_va = 0x1366b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b400000" filename = "" Region: id = 1635 start_va = 0x1366b560000 end_va = 0x1366b896fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1636 start_va = 0x1366b8a0000 end_va = 0x1366bab3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b8a0000" filename = "" Region: id = 1637 start_va = 0x1366bac0000 end_va = 0x1366bcd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366bac0000" filename = "" Region: id = 1638 start_va = 0x1366b400000 end_va = 0x1366b50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b400000" filename = "" Region: id = 1639 start_va = 0x1366b550000 end_va = 0x1366b55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b550000" filename = "" Region: id = 1640 start_va = 0x1366bce0000 end_va = 0x1366befcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366bce0000" filename = "" Region: id = 1641 start_va = 0x1366bf00000 end_va = 0x1366c016fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366bf00000" filename = "" Region: id = 1642 start_va = 0x1ef3440000 end_va = 0x1ef347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef3440000" filename = "" Region: id = 1643 start_va = 0x7ffa33fe0000 end_va = 0x7ffa34139fff monitored = 0 entry_point = 0x7ffa340238e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1644 start_va = 0x13669a80000 end_va = 0x13669a80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669a80000" filename = "" Region: id = 1645 start_va = 0x1366b320000 end_va = 0x1366b3dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001366b320000" filename = "" Region: id = 1646 start_va = 0x1366b3f0000 end_va = 0x1366b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001366b3f0000" filename = "" Region: id = 1647 start_va = 0x13669a80000 end_va = 0x13669a83fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669a80000" filename = "" Region: id = 1648 start_va = 0x7ffa2f200000 end_va = 0x7ffa2f221fff monitored = 0 entry_point = 0x7ffa2f201a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1649 start_va = 0x7ffa2f980000 end_va = 0x7ffa2f992fff monitored = 0 entry_point = 0x7ffa2f982760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1650 start_va = 0x7ffa31080000 end_va = 0x7ffa310d5fff monitored = 0 entry_point = 0x7ffa31090bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1651 start_va = 0x13669a90000 end_va = 0x13669a96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000013669a90000" filename = "" Region: id = 1652 start_va = 0x13669aa0000 end_va = 0x13669aa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669aa0000" filename = "" Region: id = 1653 start_va = 0x13669ab0000 end_va = 0x13669ab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669ab0000" filename = "" Region: id = 1654 start_va = 0x13669ac0000 end_va = 0x13669ac4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1655 start_va = 0x13669ad0000 end_va = 0x13669ad0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 1656 start_va = 0x13669ae0000 end_va = 0x13669ae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000013669ae0000" filename = "" Region: id = 1657 start_va = 0x7ffa26a30000 end_va = 0x7ffa26ca3fff monitored = 0 entry_point = 0x7ffa26aa0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 1658 start_va = 0x13669af0000 end_va = 0x13669af0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1659 start_va = 0x1366b3e0000 end_va = 0x1366b3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001366b3e0000" filename = "" Thread: id = 39 os_tid = 0x84c Thread: id = 40 os_tid = 0x830 Thread: id = 41 os_tid = 0x90c Thread: id = 42 os_tid = 0x7fc